JoeyBling Bootplus SQL Injection Vulnerability in Log Management Functionality

A critical SQL injection vulnerability has been identified in JoeyBling Bootplus versions prior to commit 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. The issue arises in the log management feature, specifically within the file '/admin/sys/log/list'. The vulnerability allows for remote exploitation by manipulating the 'logId' parameter, which is not properly sanitized before being processed. This oversight enables attackers to inject malicious SQL commands, potentially leading to unauthorized data access or manipulation.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, send a request to the '/admin/sys/log/list' endpoint. Include the 'sort' parameter with a value that concatenates the 'logId' identifier and an SQL injection payload, such as an 'extractvalue' function call. The 'order', 'offset', and 'limit' parameters can be set to their default values or adjusted as needed. The injected payload will be executed by the server, demonstrating the SQL injection vulnerability.