Add content from: CVE-2026-22730: SQL Injection in Spring AI’s MariaDB Vector ...

HackTricks News Bot · HackTricks News Bot · commit 793b947c98bd · 2026-03-19T13:20:51.000Z
diff --git a/src/pentesting-web/sql-injection/README.md b/src/pentesting-web/sql-injection/README.md
@@ -652,6 +652,33 @@ Mitigations:
 - Never concatenate identifiers from user input. Map allowed column names to a fixed allow-list and quote identifiers properly.
 - If dynamic table access is required, restrict to a finite set and resolve server-side from a safe mapping.
 
+
+### SQLi via AST/filter-to-SQL converters (JSON_VALUE predicates)
+
+Some frameworks **convert structured filter ASTs into raw SQL boolean fragments** (e.g., metadata filters or JSON predicates) and then **string-concatenate** those fragments into larger queries. If the converter **wraps string values as `'%s'` without escaping**, a single quote in user input terminates the literal and the rest is parsed as SQL.
+
+Example pattern (conceptual):
+
+```sql
+JSON_VALUE(metadata, '$.department') = '<user_value>'
+```
+
+Payload (URL-encoded): `%27%20OR%20%271%27%3D%271` → decoded: `' OR '1'='1` → predicate becomes:
+
+```sql
+JSON_VALUE(metadata, '$.department') = '' OR '1'='1'
+```
+
+Impact:
+- **Authorization bypass**: always-true predicates return cross-tenant/department rows.
+- **Destructive writes**: if the same fragment is reused in `DELETE/UPDATE ... WHERE <predicate>`, it can wipe data.
+- **RAG-specific risk**: leaked rows may only surface indirectly inside LLM answers, making detection harder.
+
+Hunting tips:
+- Look for classes that **serialize filter/AST nodes to SQL** and append them into queries via `String.format`, `+`, or templating.
+- Verify string emitters **escape single quotes and backslashes**; parameter binding only works for scalar values, not entire boolean expressions.
+- Prefer builders that keep **predicates parameterized** (values as bind params) and never inline user-controlled literals.
+
 ### WAF bypass suggester tools
 
 
@@ -674,5 +701,6 @@ https://github.com/carlospolop/Auto_Wordlists/blob/main/wordlists/sqli.txt
 ## References
 
 - [https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/](https://blog.sicuranext.com/vtenext-25-02-a-three-way-path-to-rce/)
+- [https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/](https://blog.securelayer7.net/cve-2026-22730-sql-injection-spring-ai-mariadb/)
 
 {{#include ../../banners/hacktricks-training.md}}
