CVE-2024-48307 PoC — JeecgBoot Security Vulnerability

Source
Associated Vulnerability
Title: JeecgBoot Security Vulnerability (CVE-2024-48307)
Description: JeecgBoot v3.7.1 was discovered to contain a SQL injection vulnerability via the component /onlDragDatasetHead/getTotalData.
Description
SQL injection vulnerability in the jeecg-boot getDictItemsByTable interface
Readme
# SQL injection vulnerability in the jeecg-boot getDictItemsByTable interface

Parameters:

```
options:
  -h, --help            show this help message and exit
  -u URL, --url URL     请输入待检测的URL
  -f FILE, --file FILE  请输入一行一个URL的文件地址
  -c CONTENT, --content CONTENT
                        输入任意值查看漏洞详情
```

Examples:

```
Single-target check:
python .\CVE-2024-48307Poc.py -u URL
Batch check:
python .\CVE-2024-48307Poc.py -f urls.txt
View leaked data:
python .\CVE-2024-48307Poc.py -u URL -c 1 (any value)
```

FOFA:

```
title=="JeecgBoot 企业级低代码平台" || body="window._CONFIG['imgDomainURL'] = 'http://localhost:8080/jeecg-boot/" || title="Jeecg-Boot 企业级快速开发平台" || title="Jeecg 快速开发平台" || body="'http://fileview.jeecg.com/onlinePreview'" || title=="JeecgBoot 企业级低代码平台" || title=="Jeecg-Boot 企业级快速开发平台" || title=="JeecgBoot 企业级快速开发平台" || title=="JeecgBoot 企业级快速开发平台" || title="Jeecg 快速开发平台" || title="Jeecg-Boot 快速开发平台" || body="积木报表" || body="jmreport"
```

File Snapshot

```
[4.0K] /data/pocs/7f2b7f561e47eee6082ea03de9992e012264180d
├── [2.7K] CVE-2024-48307Poc.py
└── [1.1K] README.md

0 directories, 2 files
```