Merge pull request #2029 from HackTricks-wiki/update_CVE-2026-22730__SQL_Injection_in_Spring_AI_s_Maria_20260319_131806

carlospolop · web-flow · commit 23cf2e873f59 · 2026-03-31T21:12:31.000+02:00
CVE-2026-22730 SQL Injection in Spring AI’s MariaDB Vector S...
diff --git a/src/pentesting-web/sql-injection/README.md b/src/pentesting-web/sql-injection/README.md
@@ -652,6 +652,23 @@ Mitigations:
 - Never concatenate identifiers from user input. Map allowed column names to a fixed allow-list and quote identifiers properly.
 - If dynamic table access is required, restrict to a finite set and resolve server-side from a safe mapping.
 
+
+### SQLi via AST/filter-to-SQL converters (JSON_VALUE predicates)
+
+Some frameworks **convert structured filter ASTs into raw SQL boolean fragments** (e.g., metadata filters or JSON predicates) and then **string-concatenate** those fragments into larger queries. If the converter **wraps string values as `'%s'` without escaping**, a single quote in user input terminates the literal and the rest is parsed as SQL.
+
+Example pattern (conceptual):
+
+```sql
+JSON_VALUE(metadata, '$.department') = '<user_value>'
+```
+
+Payload (URL-encoded): `%27%20OR%20%271%27%3D%271` → decoded: `' OR '1'='1` → predicate becomes:
+
+```sql
+JSON_VALUE(metadata, '$.department') = '' OR '1'='1'
+```
+
 ### ORDER BY / identifier-based SQLi (PDO limitation)
 
 Prepared statements **cannot bind identifiers** (column or table names). A common unsafe pattern is to take a user-controlled `sort` parameter and build `ORDER BY` using string concatenation, sometimes wrapping the input in backticks to “sanitize” it. This still enables SQLi because the identifier context is attacker-controlled.
@@ -670,10 +687,6 @@ Signals in traffic:
 - Sort parameter in **POST** (often `sort=column`), not a fixed allow-list.
 - Changing `sort` breaks the query or alters output ordering.
 
-Mitigation:
-
-- Map user input to a **fixed allow-list** of column names and only interpolate mapped identifiers.
-- Never rely on backticks as “sanitization” for identifiers.
 
 ### WAF bypass suggester tools
 
@@ -697,6 +710,7 @@ https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/sqli.txt
 ## References
 
 - [https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/](https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/)
+- [https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/](https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/)
 - [HTB: Gavel](https://0xdf.gitlab.io/2026/03/14/htb-gavel.html)
 
 {{#include ../../banners/hacktricks-training.md}}
