Youlaitech Youlai-Mall SQL Injection Vulnerability in App-Side Product Pagination Endpoint

Vulnerability

A SQL injection vulnerability has been identified in Youlaitech Youlai-Mall version 2.0.0. The issue arises in the app-side product pagination endpoint, specifically in the 'listPagedSpuForApp' function of SpuController.java. The root cause is unescaped string interpolation in the MyBatis layer, which lets attackers manipulate the 'sortField' and 'sort' parameters. The vulnerability is remotely exploitable; it has been publicly disclosed and a proof-of-concept exploit is available.

Impact

Successful exploitation lets an attacker execute arbitrary SQL statements against the application's database, which could expose sensitive data such as user credentials.

Reproduction

The vulnerability can be reproduced by sending a GET request to the app-side product pagination endpoint with manipulated 'sortField' and 'sort' parameters. Because MyBatis interpolates these values into the query text without escaping, the injected SQL lands in the ORDER BY clause of the product listing query.
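As an added, defender-side example (not code from Youlai-Mall): the unescaped interpolation the advisory describes is MyBatis's `${}` substitution, which splices the raw string into the SQL text, whereas `#{}` binds a JDBC parameter and cannot be used for ORDER BY column names. The mitigation is to map sortField and sort onto allowlisted constants before they reach the mapper; the class name, column names and table name below are assumptions.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical helper; not part of Youlai-Mall.
public final class SortParamsValidator {

    // Allowlist: API-facing sortField value -> real column name for ORDER BY.
    // Column names are assumed for illustration.
    private static final Map<String, String> SORTABLE_COLUMNS = Map.of(
        "price", "price",
        "sales", "sales",
        "createTime", "create_time"
    );
    private static final Set<String> DIRECTIONS = Set.of("ASC", "DESC");

    private SortParamsValidator() {}

    /**
     * Builds the "column DIRECTION" fragment for the ORDER BY clause.
     * Both inputs are looked up against fixed constants; anything else is
     * rejected, so no request-controlled text is ever concatenated into SQL.
     */
    public static String orderByClause(String sortField, String sort) {
        String column = SORTABLE_COLUMNS.get(sortField);
        if (column == null) {
            throw new IllegalArgumentException("unsupported sortField");
        }
        String direction = sort == null ? "DESC" : sort.trim().toUpperCase(Locale.ROOT);
        if (!DIRECTIONS.contains(direction)) {
            throw new IllegalArgumentException("unsupported sort direction");
        }
        return column + " " + direction;
    }
}

// Vulnerable pattern (the one the advisory describes): request values go
// straight into ${}, which MyBatis substitutes as raw text.
//   @Select("SELECT * FROM spu_table ORDER BY ${sortField} ${sort}")
//   List<Spu> listPagedSpuForApp(@Param("sortField") String sortField,
//                                @Param("sort") String sort);
//
// Hardened pattern: the controller calls SortParamsValidator.orderByClause()
// first, so the only string that can reach ${} is built from allowlisted
// constants. (#{} cannot simply replace ${} here: it would bind the column
// name as a string literal, and ORDER BY 'price' sorts by a constant.)
//   @Select("SELECT * FROM spu_table ORDER BY ${orderBy}")
//   List<Spu> listPagedSpuForApp(@Param("orderBy") String orderBy);
```

A rejected sortField or sort value should be turned into a 400 response by the controller rather than propagated as a 500, and the rejection is worth logging as a detection signal.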

Added: Feb 27, 2026, 5:20 AM
Updated: Feb 27, 2026, 5:20 AM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          3.8
exploitability  8.7
remediation     0.0
relevance       3.3
threat          6.4
urgency         2.9
incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.