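This does exist, because some registration logic checks use these endpoints. If you have strict security requirements and do not need the registration feature, you can comment them out in ShiroConfig to strengthen security. org.jeecg.config.shiro.ShiroConfig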
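One way to apply the suggestion in the comment above, as an added example that is not JeecgBoot's actual ShiroConfig: the two `/sys/user/...` paths come from the issue, while the class name, the `registrationEnabled` flag, the `/sys/login` entry and the `authc` catch-all are assumptions made for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;

// Hypothetical class for illustration; not the project's ShiroConfig.
public class FilterChainHardeningExample {

    // Shiro checks patterns in insertion order and the first match wins,
    // so a LinkedHashMap is required and the catch-all must come last.
    static Map<String, String> filterChain(boolean registrationEnabled) {
        Map<String, String> chain = new LinkedHashMap<>();
        chain.put("/sys/login", "anon"); // assumed login path

        if (registrationEnabled) {
            // Weak setting: both endpoints answer unauthenticated callers.
            chain.put("/sys/user/checkOnlyUser", "anon");
            chain.put("/sys/user/querySysUser", "anon");
        }
        // Hardened setting: with the two entries above absent, both paths
        // fall through to the catch-all and require an authenticated subject.
        chain.put("/**", "authc"); // assumed; use the deployment's auth filter
        return chain;
    }

    // Wires the map into the Shiro filter bean.
    static ShiroFilterFactoryBean shiroFilter(SecurityManager securityManager,
                                              boolean registrationEnabled) {
        ShiroFilterFactoryBean bean = new ShiroFilterFactoryBean();
        bean.setSecurityManager(securityManager);
        bean.setFilterChainDefinitionMap(filterChain(registrationEnabled));
        return bean;
    }
}
```

With `registrationEnabled` set to `false`, an unauthenticated request to either path is handled by the authenticating filter instead of returning user data.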
Version:
<=2.4.5
Problem description:
1. Leaks sensitive information. API URI: /sys/user/querySysUser?username=admin
Leaks sensitive information such as phone, etc.
2. Enumerate usernames. API URI: /sys/user/checkOnlyUser?username=admin
Through enumeration, it is found that there are 2 accounts, admin and user1, in the system.
Screenshots & code:
Version: 2.4.5
Friendly reminder: posts that do not follow the required format will be deleted directly.