Linlinjava Litemall SQL Injection Vulnerability in Front-end WeChat API

Vulnerability

A SQL injection vulnerability has been identified in Linlinjava Litemall versions through 1.8.0. The issue resides in the Front-end WeChat API, specifically in the WxGoodsController, and can be exploited remotely by regular users through the '/wx/goods/list' endpoint. Attacker-controlled input reaches the SQL query unchecked, which gives the potential to extract sensitive information from the database, including admin password hashes, user personal data, and payment information.

Impact

Exploitation of this vulnerability allows regular users to perform SQL injection attacks, with the potential to extract admin password hashes, read the full database contents, and violate user privacy by exposing personal information and payment details.

Reproduction

The vulnerability can be reproduced by sending a GET request to the '/wx/goods/list' endpoint with a crafted 'sort' parameter that exploits the SQL injection flaw. This can be done by using SQL injection techniques, such as error-based or blind injection, to manipulate the SQL query and extract information from the database.

Remediation

To address this vulnerability, it is recommended to add strict whitelist validation for the 'sort' and 'order' parameters in the WxGoodsController. This can be done by implementing server-side validation that only accepts predefined values for these parameters. Because column names and sort directions cannot be bound as prepared-statement parameters, mapping the request values onto a fixed set of known-good strings (rather than escaping them) is the appropriate control here.
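The allowlist check described above, as an added example: hypothetical Java code, not Litemall's own WxGoodsController; the parameter names 'sort' and 'order' come from the advisory, while the column names, defaults and the use of Java 11+ APIs are assumptions.

```java
import java.util.Map;
import java.util.Set;

// Added example (hypothetical, not Litemall's own code): strict allowlist validation
// for the 'sort' and 'order' query parameters of a goods-list endpoint. The column
// names, defaults and Java 11+ APIs used here are assumptions.
public final class SortParamValidator {

    // Only column names the application deliberately exposes for sorting.
    private static final Set<String> ALLOWED_SORT = Set.of("add_time", "retail_price", "name");
    // Only the two SQL direction keywords.
    private static final Set<String> ALLOWED_ORDER = Set.of("asc", "desc");
    // Assumed defaults used when a parameter is absent.
    private static final String DEFAULT_SORT = "add_time";
    private static final String DEFAULT_ORDER = "desc";

    private SortParamValidator() {}

    /**
     * Returns the validated (column, direction) pair, or throws if either value is
     * outside the allowlist. Column names and directions cannot be bound as prepared
     * statement parameters, so the only safe way to build an ORDER BY from request
     * input is to map it onto fixed, known-good strings before it touches the query.
     */
    public static Map.Entry<String, String> validate(String sort, String order) {
        String sortValue = (sort == null || sort.isEmpty()) ? DEFAULT_SORT : sort;
        String orderValue = (order == null || order.isEmpty()) ? DEFAULT_ORDER : order.toLowerCase();
        if (!ALLOWED_SORT.contains(sortValue)) {
            throw new IllegalArgumentException("sort parameter not allowed");
        }
        if (!ALLOWED_ORDER.contains(orderValue)) {
            throw new IllegalArgumentException("order parameter not allowed");
        }
        // Both values are now guaranteed to be one of the constants above.
        return Map.entry(sortValue, orderValue);
    }

    // In a Spring controller this would be called on the @RequestParam values and the
    // exception mapped to a 400 response; shown here as a plain main() for clarity.
    public static void main(String[] args) {
        System.out.println(validate("retail_price", "asc"));   // allowlisted values pass
        System.out.println(validate(null, null));              // missing values fall back to defaults
        try {
            validate("not_a_column", "desc");                  // anything else is rejected
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```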

Added: May 18, 2026, 12:18 AM
Updated: May 18, 2026, 12:18 AM

Vulnerability Rating

Custom Algorithm

  spread          2.2
  impact          2.5
  exploitability  9.7
  remediation     0.0
  relevance       8.7
  threat          6.4
  urgency         2.9
  incentive       8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.