Xierongwkhd Weimai-Wetapp SQL Injection Vulnerability in Admin User Controller

Vulnerability

A SQL injection vulnerability has been identified in the Weimai-Wetapp project by Xierongwkhd, affecting versions up to commit 5fe9e8225be4f73f2c5087f134aff657bdf1c6f2. The issue arises in the Admin_AdminUserController, specifically within the getAdmins function. The vulnerability allows remote exploitation by injecting arbitrary SQL through the unsanitized keyword parameter, which is passed unchanged through the controller, service, and MyBatis mapper layers. The exploitation has been publicly confirmed and a proof-of-concept is available.

Impact

Exploitation of this vulnerability allows attackers to execute arbitrary SQL statements, potentially leading to unauthorized data access or manipulation. SQLMap has verified the vulnerability using boolean-based blind and error-based techniques, successfully retrieving the current database user, which holds root privileges.

Reproduction

To reproduce this vulnerability, send a GET request to the /admin/auser/getAdmins endpoint. Include the keyword parameter with a crafted SQL injection payload. The injection can be verified by using SQLMap, which can automate the exploitation process and confirm the vulnerability.
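The root cause described above is a parameter that reaches the MyBatis mapper as raw SQL text. The following is an added illustration, not code from the Weimai-Wetapp project: a hypothetical annotation-based MyBatis mapper showing the string-substitution form (`${}`) beside the bound-parameter form (`#{}`) that prevents the injection. The table name, column names and the AdminUser type are assumptions; the project's real mapper is not shown in the advisory.

```java
import java.util.List;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

// Hypothetical row type; the advisory does not show the project's model class.
record AdminUser(long id, String username) {}

public interface AdminUserMapper {

    // Vulnerable pattern: ${keyword} is spliced into the SQL string by MyBatis
    // before the statement reaches the JDBC driver. A keyword containing a quote
    // closes the literal and the rest of the value is parsed as SQL, which is why
    // boolean-based blind and error-based techniques succeed against it.
    @Select("SELECT id, username FROM admin_user"
          + " WHERE username LIKE '%${keyword}%'")
    List<AdminUser> getAdminsUnsafe(@Param("keyword") String keyword);

    // Hardened pattern: #{keyword} becomes a JDBC '?' placeholder and the value is
    // bound as a parameter, so it can only ever be data, never statement syntax.
    // The LIKE wildcards are added in SQL (CONCAT) rather than in Java string code.
    @Select("SELECT id, username FROM admin_user"
          + " WHERE username LIKE CONCAT('%', #{keyword}, '%')")
    List<AdminUser> getAdmins(@Param("keyword") String keyword);
}
```

With `#{}` the caller-supplied `%` and `_` characters are still interpreted as LIKE wildcards; that affects result scope, not statement structure, and can be handled separately by escaping them in the service layer.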

Added: Mar 11, 2026, 9:18 PM
Updated: Mar 11, 2026, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 3.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.