This is a logic vulnerability in WVP-GB28181 2.0.
The latest version of wvp-GB28181-pro is 2.0. Let's first look at the platform's normal login page: the account is shown in the picture, and the password is the weak password 123.

Login is successful. In the user management interface, when changing the password, change the value of userId to 1; this modifies the password of the administrator account admin.

Logging in with the administrator account admin then succeeds.
Reproducible webpage address: http://112.28.134.194:8088/#/login

This website uses the latest version of wvp-GB28181-pro, and there are no users who can view any platform resources.

Affected versions, operating systems, and browser information:

wvp-GB28181-pro 2.0
OS: Windows/Linux/macOS
Browser: Chrome, Firefox, Safari

Overall, if an ordinary user successfully escalates to administrator privileges, sensitive information on the website will be leaked. We hope the author can fix this issue in the future.
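The missing check behind this report, shown as an added example that is not part of the original report and is not wvp-GB28181-pro code: a constructed Python model of a password-change handler that trusts the request's userId, next to a version that authorizes against the logged-in session. The function names, the role name "admin", the current-password requirement and the sample accounts are all assumptions made for illustration.

```python
"""Constructed model of a password-change handler; not wvp-GB28181-pro code."""
import hashlib
import hmac
import os
from dataclasses import dataclass

ADMIN_ROLE = "admin"  # assumed role name

@dataclass
class User:
    user_id: int
    role: str
    salt: bytes
    pw_hash: bytes

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(user_id, role, password):
    salt = os.urandom(16)
    return User(user_id, role, salt, _hash(password, salt))

def check_password(user, password):
    return hmac.compare_digest(user.pw_hash, _hash(password, user.salt))

def sample_users():
    # Constructed accounts: id 1 is the administrator, id 2 an ordinary user.
    return {1: make_user(1, ADMIN_ROLE, "constructed-admin-pw"),
            2: make_user(2, "user", "constructed-user-pw")}

def change_password_vulnerable(users, session_user_id, user_id, new_password):
    # Reported behaviour: the target is taken from the request's userId and
    # the session identity is never compared with it.
    target = users[user_id]
    target.pw_hash = _hash(new_password, target.salt)
    return True

def change_password_hardened(users, session_user_id, user_id, old_password, new_password):
    caller = users[session_user_id]      # identity comes from the server-side session
    target = users.get(user_id)
    if target is None:
        return False
    is_self = target.user_id == caller.user_id
    if not is_self and caller.role != ADMIN_ROLE:
        return False                     # non-admin touching another account: deny
    if is_self and not check_password(caller, old_password):
        return False                     # self-change must prove the current password
    target.pw_hash = _hash(new_password, target.salt)
    return True
```

A denied cross-account request, where the session user differs from the requested userId and the caller is not an administrator, is also the event worth logging and alerting on.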