Hello, I have found a security problem in your project.
You use Spring Security to identify users. However, when configuring the access path, because Spring Security's antMatcher is not used correctly, an attacker can use the ambiguity between the server and Spring in processing the path, relying on the identity of an ordinary user to call functions that should belong to the administrator.
The path of the vulnerable code: com/greate/community/config/SecurityConfig.java
Attack method: log in as a normal user without the delete function. POST /discuss/delete with a discuss id and the server will respond "you have no privilege to request". Then POST /discuss/delete/ (append a slash); this request will be successful and the discuss with that id will be deleted.
Here is the proof:
POST /discuss/delete
POST /discuss/delete/
How to repair:
Add the extra /delete/ path to Spring Security.
Deal with the paths together before Spring Security.
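The first repair option next to a matcher-based alternative, as an added example that is not the project's own code. It assumes Spring Security 5.x with `WebSecurityConfigurerAdapter` and Spring MVC trailing-slash matching; the class name, the `admin` authority and the fallback rule are hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example. Class name and the "admin" authority are assumptions,
// not values taken from the project's SecurityConfig.java.
@Configuration
public class HardenedSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Weak form described in the report: an Ant pattern without a
            // trailing slash matches "/discuss/delete" only. A request for
            // "/discuss/delete/" skips this rule and is evaluated by the
            // later, broader rule, while Spring MVC still routes it to the
            // same handler method.
            //   .antMatchers("/discuss/delete").hasAuthority("admin")

            // Repair option 1 from the report: list the slash variant too.
            //   .antMatchers("/discuss/delete", "/discuss/delete/")
            //       .hasAuthority("admin")

            // Alternative: mvcMatchers uses Spring MVC's own matching rules,
            // so the rule covers every URL form that MVC maps to the handler
            // and does not depend on enumerating variants by hand.
            .mvcMatchers("/discuss/delete").hasAuthority("admin")

            // Assumed fallback rule: any logged-in user may reach the rest.
            .anyRequest().authenticated();
    }
}
```

A method-level check on the delete handler (for example `@PreAuthorize`) keeps the authorization decision attached to the function itself, so it holds regardless of which URL form reached it.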