You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The code vulnerable to SQL injection is located as follows(com.tduck.cloud.form.service.data.FormDataMysqlService), This code directly concatenates SQL statements, leading to the SQL injection vulnerability
Then, within the downloadFormResultFile method of the downloadFormResultFile class(com.tduck.cloud.api.web.controller.downloadFormResultFile), this method is invoked.
According to the route information, access the URL address, and use error-based injection to retrieve the database name, thereby verifying the existence of the vulnerability.
The text was updated successfully, but these errors were encountered:
Then, within the downloadFormResultFile method of the downloadFormResultFile class(com.tduck.cloud.api.web.controller.downloadFormResultFile), this method is invoked.
According to the route information, access the URL address, and use error-based injection to retrieve the database name, thereby verifying the existence of the vulnerability.
The text was updated successfully, but these errors were encountered: