xxyopen Novel SQL Injection Vulnerability in Book Search API
Vulnerability
A critical SQL injection vulnerability has been identified in xxyopen Novel versions through 3.4.1. The issue lies in the Book Search API, specifically in the 'sort' parameter, and is exploitable remotely. Its root cause is the application's trust in user input: the value of 'sort' is not properly sanitized before being placed into SQL queries. The flaw could be leveraged to extract database information or, if the SQL database is misconfigured, to execute arbitrary code via user-defined functions.
Impact
Exploiting this vulnerability gives an attacker SQL injection: the ability to manipulate the application's SQL queries in order to read or modify database information. If the database itself is not properly secured, this can additionally lead to remote code execution.
Reproduction
To reproduce this vulnerability, send a GET request to the '/api/front/search/books' endpoint with a 'sort' parameter containing a crafted SQL injection payload, such as an 'IF' statement used for time-based SQL injection. The injection succeeds because the application performs no input validation on 'sort', so the injected SQL is executed by the database server.
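As an added illustration, not code from the xxyopen Novel project (the advisory does not show the project's implementation or language), the following Python/sqlite sketch contrasts the pattern described above, a user-controlled 'sort' value concatenated into ORDER BY, with an allowlist-based fix. The table name, columns and sample rows are constructed for the example; it also handles sort direction keywords, which the advisory does not discuss.

```python
import sqlite3

# Constructed sample table standing in for the book table the search API queries
# (not the project's real schema).
SAMPLE_BOOKS = [
    ("Book A", 1200, 30),
    ("Book B", 300, 80),
    ("Book C", 900, 10),
]

# Allowlist: the only identifiers the API will ever place into ORDER BY.
# Identifiers cannot be bound as query parameters, which is why a fixed
# mapping is needed rather than sanitizing the raw string.
ALLOWED_SORT_COLUMNS = {"visit_count", "word_count", "book_name"}
ALLOWED_DIRECTIONS = {"ASC", "DESC"}


def build_order_by(sort_param):
    """Map a user-supplied 'sort' value to a fixed ORDER BY clause or refuse it.

    Accepts 'column' or 'column direction' (case-insensitive) where column and
    direction are allowlisted. Anything else raises ValueError before any SQL
    string is assembled.
    """
    parts = sort_param.strip().split()
    if len(parts) not in (1, 2):
        raise ValueError("invalid sort parameter")
    column = parts[0].lower()
    direction = parts[1].upper() if len(parts) == 2 else "ASC"
    if column not in ALLOWED_SORT_COLUMNS or direction not in ALLOWED_DIRECTIONS:
        raise ValueError("invalid sort parameter")
    return f"ORDER BY {column} {direction}"


def search_books_vulnerable(conn, keyword, sort_param):
    # BEFORE: the sort value is concatenated straight into the query,
    # the flaw the advisory describes. The keyword alone is bound safely.
    sql = f"SELECT book_name FROM book WHERE book_name LIKE ? ORDER BY {sort_param}"
    return [row[0] for row in conn.execute(sql, (f"%{keyword}%",))]


def search_books_hardened(conn, keyword, sort_param):
    # AFTER: keyword still bound as a parameter; sort resolved via the allowlist.
    sql = "SELECT book_name FROM book WHERE book_name LIKE ? " + build_order_by(sort_param)
    return [row[0] for row in conn.execute(sql, (f"%{keyword}%",))]


def make_db():
    """Create an in-memory database populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE book (book_name TEXT, word_count INTEGER, visit_count INTEGER)")
    conn.executemany("INSERT INTO book VALUES (?, ?, ?)", SAMPLE_BOOKS)
    return conn
```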