Dromara dataCompare JDBC URL Injection Vulnerability in DbConfig Function
Vulnerability
A critical injection vulnerability has been identified in Dromara dataCompare versions through 1.0.1. The issue lies in the DbConfig function in DbconfigServiceImpl.java, part of the JDBC URL Handler component. It allows attackers to manipulate the JDBC URL by injecting harmful connection parameters. The attack can be carried out remotely and may lead to arbitrary file reading, server-side request forgery (SSRF), or deserialization-based remote code execution.
Impact
Exploitation of this vulnerability could result in arbitrary file read, SSRF, or deserialization-based remote code execution.
Reproduction
To reproduce this vulnerability, log into the application and access the API endpoint '/system/dbconfig/testConnection'. In this request, supply a crafted JDBC connection URL that includes malicious parameters such as 'allowLoadLocalInfile', 'allowUrlInLocalInfile', and 'autoDeserialize'.
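One way to close this class of issue on the server side is to stop passing the user-supplied URL to the driver and instead rebuild it from validated parts. The following is an added example, not dataCompare's own code or its fix; it assumes the MySQL Connector/J driver (where the three property names above come from), and the class name JdbcUrlGuard and its parameter allowlist are hypothetical.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.regex.*;

/** Hypothetical helper (not part of dataCompare): allowlist check for user-supplied MySQL JDBC URLs. */
public final class JdbcUrlGuard {
    // Accept only jdbc:mysql://host[:port]/database[?query]. The strict shape also rejects
    // the parenthesised host forms of Connector/J, which can carry properties too.
    private static final Pattern SHAPE = Pattern.compile(
        "^jdbc:mysql://([A-Za-z0-9.-]+)(?::(\\d{1,5}))?/([A-Za-z0-9_]+)(?:\\?(.*))?$");
    // Assumed allowlist (lower-cased); adjust to what the deployment really needs.
    private static final Set<String> ALLOWED = Set.of(
        "usessl", "characterencoding", "servertimezone", "useunicode");

    /** Returns a rebuilt URL with the dangerous properties pinned to false, or throws. */
    public static String sanitize(String url) {
        Matcher m = SHAPE.matcher(url == null ? "" : url.trim());
        if (!m.matches()) throw new IllegalArgumentException("unsupported JDBC URL shape");
        Map<String, String> params = new LinkedHashMap<>();
        String query = m.group(4);
        if (query != null && !query.isEmpty()) {
            for (String pair : query.split("&")) {
                String[] kv = pair.split("=", 2);
                // Decode before comparing so percent-encoded names cannot slip past.
                String key = URLDecoder.decode(kv[0], StandardCharsets.UTF_8);
                if (!ALLOWED.contains(key.toLowerCase(Locale.ROOT)))
                    throw new IllegalArgumentException("parameter not allowed: " + key);
                params.put(key, kv.length == 2 ? kv[1] : "");
            }
        }
        // Pin the parameters named in the advisory, regardless of driver defaults.
        params.put("allowLoadLocalInfile", "false");
        params.put("allowUrlInLocalInfile", "false");
        params.put("autoDeserialize", "false");
        StringBuilder out = new StringBuilder("jdbc:mysql://").append(m.group(1));
        if (m.group(2) != null) out.append(':').append(m.group(2));
        out.append('/').append(m.group(3)).append('?');
        params.forEach((k, v) -> out.append(k).append('=').append(v).append('&'));
        return out.substring(0, out.length() - 1); // drop the trailing '&'
    }

    public static void main(String[] args) {
        // Constructed sample inputs: one benign URL, one carrying a parameter from the advisory.
        System.out.println(sanitize("jdbc:mysql://db.internal:3306/app?useSSL=true"));
        try { sanitize("jdbc:mysql://db.internal:3306/app?autoDeserialize=true"); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

This check does not restrict which host the connection test may reach; limiting the SSRF surface additionally requires a host allowlist or network egress controls.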
