Vulnerability Summary

Overview
Report ID: #797644
Title: coze-dev coze-studio <= 0.5.1 SQL Injection (CWE-89) / Improper Input Validation (CWE-20)
Type: SQL injection; improper input validation
Description: A critical SQL validation bypass was found in the "Execute SQL" operation. By combining two SQL evasion techniques, MySQL backticks to change letter case and parentheses to deliberately defeat the regular-expression extraction step, an unauthorized or unauthenticated prompt injector can execute uncontrolled SQL queries.

Scope
Affected component: coze-dev coze-studio <= 0.5.1
Vulnerable file:
Vulnerable method: &

Remediation
Recommendation: Fix the SQL validation logic so that user input is correctly filtered and validated, preventing SQL injection.

PoC code
mysql user
MYSQL USER
regexp.MustCompile [SPACE] + [OPTIONAL_BACKTICK] + [alphanumeric_name]
FROM (
/v/chat
SELECT (SELECT authentication_string FROM (mysql) user) LIMIT 1) AS hacked_hash FROM (mysql) user;
4. The query runs against the internal relational database as root, bypassing all application-layer restrictions.

Impact
Severe SQL injection and unauthorized system database access. Enables unauthorized extraction of critical internal database structure and breaks tenant isolation.
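The defensive counterpart of the bypass described above, as an added example that is neither coze-studio's code nor taken from the report: a fail-closed table-reference check in Go. Instead of extracting a name with a regex and letting a non-matching statement through, it tokenizes the statement so that a parenthesis or backtick in the table position is seen rather than skipped, requires every FROM/JOIN to be followed directly by a bare identifier on an allowlist, rejects qualified names and statement separators, and refuses the whole statement if any of that fails. The allowlist entries (`orders`, `customers`), the function names and the sample statements are constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
	"unicode"
)

// allowedTables is a constructed allowlist for this example; a real service
// would derive it from the schema the caller is actually entitled to query.
var allowedTables = map[string]bool{
	"orders":    true,
	"customers": true,
}

// tokenize splits a statement into word tokens (letters, digits, underscore)
// and single-character punctuation tokens, so that "FROM(t)" and "FROM `t`"
// cannot hide the table position from the checker.
func tokenize(sql string) []string {
	var toks []string
	var cur strings.Builder
	flush := func() {
		if cur.Len() > 0 {
			toks = append(toks, cur.String())
			cur.Reset()
		}
	}
	for _, r := range sql {
		switch {
		case r == '_' || unicode.IsLetter(r) || unicode.IsDigit(r):
			cur.WriteRune(r)
		case unicode.IsSpace(r):
			flush()
		default:
			flush()
			toks = append(toks, string(r))
		}
	}
	flush()
	return toks
}

// isBareIdent accepts only ASCII letters, digits and underscore, not starting
// with a digit: no quoting characters, dots or parentheses can slip through.
func isBareIdent(tok string) bool {
	if tok == "" || len(tok) > 64 {
		return false
	}
	for i, r := range tok {
		isAlpha := r == '_' || (r >= 'a' && r <= 'z') || (r >= 'A' && r <= 'Z')
		isDigit := r >= '0' && r <= '9'
		if !isAlpha && !(isDigit && i > 0) {
			return false
		}
	}
	return true
}

// CheckTableRefs fails closed: every FROM/JOIN must be followed directly by an
// allowlisted bare identifier; backticks, double quotes, semicolons and
// qualified (schema.table) names reject the statement outright.
func CheckTableRefs(sql string) ([]string, error) {
	toks := tokenize(sql)
	var tables []string
	for i, t := range toks {
		switch t {
		case "`", "\"", ";":
			return nil, fmt.Errorf("forbidden token %q", t)
		}
		if !strings.EqualFold(t, "FROM") && !strings.EqualFold(t, "JOIN") {
			continue
		}
		if i+1 >= len(toks) {
			return nil, errors.New("statement ends after " + strings.ToUpper(t))
		}
		next := toks[i+1]
		if !isBareIdent(next) {
			return nil, fmt.Errorf("table position holds %q, not a bare identifier", next)
		}
		if i+2 < len(toks) && toks[i+2] == "." {
			return nil, fmt.Errorf("qualified table name starting with %q not accepted", next)
		}
		name := strings.ToLower(next) // case-fold only after the shape check
		if !allowedTables[name] {
			return nil, fmt.Errorf("table %q is not on the allowlist", name)
		}
		tables = append(tables, name)
	}
	return tables, nil
}

func main() {
	for _, q := range []string{
		"SELECT id, total FROM orders WHERE id = 1",
		"SELECT 1 FROM (orders) o", // constructed sample with a parenthesised table position
	} {
		tabs, err := CheckTableRefs(q)
		if err != nil {
			fmt.Printf("REJECT %q: %v\n", q, err)
			continue
		}
		fmt.Printf("ALLOW  %q -> tables %v\n", q, tabs)
	}
}
```

The check is only half of a fix: the report's step 4 has the query executing as root, so the account the feature connects with should be a least-privilege role scoped to the tenant's own tables, which limits what any future validator bypass can reach.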