aaPanel BaoTa SQL Injection Vulnerability in Backend Component

A SQL injection vulnerability has been identified in aaPanel BaoTa versions through 11.1.0. The issue resides in the backend component, specifically within the file '/database?action=GetDatabaseAccess'. The vulnerability is triggered by manipulating the 'Name' argument, allowing for remote exploitation. This vulnerability has been publicly disclosed, and an exploit is available.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can interfere with the application's database queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into aaPanel BaoTa using the default credentials. After installation, use a tool like Burp Suite to intercept the request made to '/database?action=GetDatabaseAccess'. Modify the 'Name' parameter to include a payload that exploits the SQL injection vulnerability, such as one that extracts database information or executes arbitrary SQL commands. Once the payload is injected, send the request and observe the response for indications of successful exploitation, such as returned database values or application errors that reveal database information.