We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
版本:3.2.7
使用推荐映射docker搭建
登陆界面存在身份验证绕过漏洞,攻击者可构造cookie绕过登陆验证,进入后台。
1、初始访问,此时需要登录,没有cookie
2、构造cookie,访问url根目录,即 http://xxx.xxx.xxx.xxx:8097/ 可登陆后台
cookie:userId=1
Expires处随便填写不过期的日期,这里以 2024-07-12T09:27:52.000Z 举例
The text was updated successfully, but these errors were encountered:
感谢提交,后续为增强安全流程,改为token认证
Sorry, something went wrong.
No branches or pull requests
环境说明
版本:3.2.7
使用推荐映射docker搭建
漏洞描述
登陆界面存在身份验证绕过漏洞,攻击者可构造cookie绕过登陆验证,进入后台。
漏洞复现
1、初始访问,此时需要登录,没有cookie
2、构造cookie,访问url根目录,即 http://xxx.xxx.xxx.xxx:8097/ 可登陆后台
cookie:userId=1
Expires处随便填写不过期的日期,这里以 2024-07-12T09:27:52.000Z 举例
The text was updated successfully, but these errors were encountered: