inxedu has a SQL injection vulnerability.
1. The vulnerable code location
com.inxedu.os.edu.controller.user.UserController#deleteFavorite
It calls
courseFavoritesService.deleteCourseFavoritesById(ids)
inxedu uses MyBatis; the SQL for this call is in mybatis/inxedu/course/CourseFavoritesMapper.xml
That statement uses '$' (string substitution, the value is spliced into the SQL text before it is sent), so it is vulnerable to SQL injection.
2. POC
http://test.com/uc/deleteFaveorite/65,(select*from(select(sleep(2)))a)
It will sleep for 2 seconds.
3. Fix
Use '#' (a bound JDBC parameter) instead.
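To make the '$' versus '#' difference concrete, here is an illustrative mapper fragment with the vulnerable form beside the fixed one. It is an added example, not the project's real CourseFavoritesMapper.xml; the namespace, table name, column name and statement ids are assumptions.

```xml
<!-- Constructed example; namespace, table and column names are assumed, not taken from inxedu. -->
<mapper namespace="com.inxedu.os.edu.dao.course.CourseFavoritesDao">

  <!-- Vulnerable form: ${ids} is substituted into the SQL string before it reaches the
       driver, so whatever arrives in the request path segment becomes part of the query. -->
  <delete id="deleteCourseFavoritesById" parameterType="java.lang.String">
    DELETE FROM edu_course_favorites WHERE id IN (${ids})
  </delete>

  <!-- Fixed form: the controller splits the segment on ',' and parses each piece as a Long
       (rejecting anything non-numeric), then passes a List<Long>. Each element is bound with
       #{} as a JDBC '?' parameter, so request data never becomes SQL text. -->
  <delete id="deleteCourseFavoritesByIds" parameterType="java.util.List">
    DELETE FROM edu_course_favorites WHERE id IN
    <foreach collection="list" item="id" open="(" separator="," close=")">
      #{id}
    </foreach>
  </delete>

</mapper>
```

Note that simply writing `#{ids}` around the whole comma-separated string is not enough for a multi-id delete: it binds the string as one value ('65,66'), which MySQL compares as a single literal, so only the `<foreach>` form with a parsed list both preserves the feature and closes the injection.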