Description
It has been identified that the config-store-2.1.0 Java project is vulnerable to SQL injection in multiple places across different files, since user input is directly appended to the SQL queries in the files listed below.
Package Information:
<groupId>org.nhind</groupId>
<artifactId>config-store</artifactId>
<version>2.1.0-SNAPSHOT</version>
1) SQLi injection in AnchorDaoImpl.java
File Path:- org.nhindirect.config.store.dao.impl.AnchorDaoImpl.java
Vulnerable SQL Query:- "SELECT a from Anchor a WHERE UPPER(a.owner) IN " + nameList.toString();
b) Inserted payload which shows SQL query structure in response due to error:
c) Inserted payload which exploited the vulnerable SQL query and disclosed sensitive information
2) SQLi injection in SettingDaoImpl.java
File Path:- org.nhindirect.config.store.dao.impl.SettingDaoImpl.java
Vulnerable SQL Query:- "SELECT s from Setting s WHERE UPPER(s.name) IN " + nameList.toString();
a) Code screenshot
b) Inserted payload which shows SQL query structure in response due to error:
c) Inserted payload which exploited the vulnerable SQL query and disclosed sensitive information
3) SQLi injection in DomainDaoImpl.java
File Path:- org.nhindirect.config.store.dao.impl.DomainDaoImpl.java
Vulnerable SQL Query:- "SELECT d from Domain d WHERE UPPER(d.domainName) IN " + nameList.toString();
a) Code screenshot
b) Inserted payload which shows SQL query structure in response due to error:
c) Inserted payload which exploited the vulnerable SQL query and disclosed sensitive information
4) SQLi injection in AddressDaoImpl.java
File Path:- org.nhindirect.config.store.dao.impl.AddressDaoImpl.java
Vulnerable SQL Query:- "SELECT a from Address a WHERE UPPER(a.emailAddress) IN " + nameList.toString();
a) Code screenshot
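
All four queries share one pattern, so one remediation covers them: keep the JPQL text constant and pass the names as a bound collection parameter. The sketch below is an added example, not code from the config-store project; the `Anchor` stand-in entity, the `AnchorLookup` class, its method names and the way `nameList` is assembled are assumptions, and it expects a JPA 2.x provider (`javax.persistence`) on the classpath.

```java
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.stream.Collectors;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;

// Minimal stand-in for the project's entity (assumed shape, only the fields used here).
@Entity
class Anchor {
    @Id Long id;
    String owner;
}

public class AnchorLookup {
    private final EntityManager em;

    public AnchorLookup(EntityManager em) { this.em = em; }

    // BEFORE (pattern from the report): caller-supplied names become part of the query text.
    // How nameList is assembled is an assumption; the report only shows the final append.
    List<Anchor> findByOwnersConcatenated(List<String> owners) {
        StringBuilder nameList = new StringBuilder("(");
        for (String owner : owners) {
            if (nameList.length() > 1) nameList.append(", ");
            nameList.append("'").append(owner.toUpperCase(Locale.ROOT)).append("'");
        }
        nameList.append(")");
        String jpql = "SELECT a from Anchor a WHERE UPPER(a.owner) IN " + nameList.toString();
        return em.createQuery(jpql, Anchor.class).getResultList();
    }

    // AFTER: constant query text; the names travel only as a bound collection parameter.
    List<Anchor> findByOwnersBound(List<String> owners) {
        if (owners == null || owners.isEmpty()) {
            return Collections.emptyList(); // an empty IN list is not portable JPQL
        }
        List<String> upper = owners.stream()
                .map(o -> o.toUpperCase(Locale.ROOT))
                .collect(Collectors.toList());
        // JPA 2.0 collection-valued input parameter: "IN :owners", no string building.
        return em.createQuery(
                "SELECT a FROM Anchor a WHERE UPPER(a.owner) IN :owners", Anchor.class)
                .setParameter("owners", upper)
                .getResultList();
    }
}
```

The same change applies to the `Setting`, `Domain` and `Address` queries by swapping the entity and the compared attribute; a code search for `" IN " +` style concatenation in the DAO package is a quick way to confirm no other query builds its list the same way.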









