SQL injection in Mini-Tmall
website: https://gitee.com/project_team/Tmall_demo
version: 2023/10/17 latest
Function point: Background Management -> User query
Route: r=tmall/admin/user/1/1?orderBy=X
Injection parameter: orderBy
The database name was successfully dumped with sqlmap.
The request reaches the controller's getList() method through the orderBy parameter.
The controller's getList() method calls the getList() method of the service layer.
The select() method calls the getList() method of the mapper layer.
Finally, the SQL statement is executed in the select() method, with the orderBy value spliced into the ORDER BY clause.
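The root cause in a call chain like this is that an ORDER BY column name cannot be passed as a bound parameter; it has to become part of the SQL text, so the request value must be mapped through an allow-list before it ever reaches the query. The following Java is an added example written for this report, not Mini-Tmall's own code; every class, method and column name in it is hypothetical, and the "hostile" input is a constructed placeholder rather than a real payload.

```java
import java.util.Map;
import java.util.Set;

/**
 * Added example (hypothetical, not Mini-Tmall's code): guarding an orderBy
 * request parameter before it is spliced into an ORDER BY clause.
 */
public class OrderByGuard {

    // Hypothetical mapping from the sort keys the UI may send to the real
    // column names used in SQL. Only keys of this map are accepted; the user's
    // string itself never reaches the query.
    private static final Map<String, String> ALLOWED_ORDER_COLUMNS = Map.of(
            "id", "user_id",
            "name", "user_name",
            "createTime", "create_time");

    private static final Set<String> ALLOWED_DIRECTIONS = Set.of("ASC", "DESC");

    /**
     * Vulnerable pattern, shown only for contrast: the raw parameter is
     * concatenated into the statement. This is what the call chain in the
     * report does, and what MyBatis "${orderBy}" substitution produces.
     */
    static String buildSqlUnsafe(String orderBy) {
        return "SELECT * FROM user ORDER BY " + orderBy;
    }

    /**
     * Hardened pattern: translate the request value through the allow-list and
     * reject anything that is not a known key. Direction is allow-listed too.
     */
    static String buildSqlSafe(String orderBy, String direction) {
        String column = ALLOWED_ORDER_COLUMNS.get(orderBy);
        if (column == null) {
            throw new IllegalArgumentException("orderBy not permitted: " + orderBy);
        }
        String dir = direction == null ? "ASC" : direction.toUpperCase();
        if (!ALLOWED_DIRECTIONS.contains(dir)) {
            throw new IllegalArgumentException("direction not permitted: " + direction);
        }
        return "SELECT * FROM user ORDER BY " + column + " " + dir;
    }

    public static void main(String[] args) {
        // Constructed input standing in for attacker-controlled text in orderBy.
        String hostile = "user_id, <injected SQL>";

        // Unsafe: the foreign text lands verbatim in the statement.
        System.out.println(buildSqlUnsafe(hostile));

        // Safe: a known key is mapped to its column; anything else is rejected
        // before any SQL is built, which is also the point to log the attempt.
        System.out.println(buildSqlSafe("name", "desc"));
        try {
            buildSqlSafe(hostile, "asc");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In MyBatis terms, `#{}` creates a bound parameter and therefore cannot be used for a column name, while `${}` pastes the text into the statement; every `${}` that carries a request parameter needs a guard of this kind, and a rejected value is a useful signal to log for detection.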