Skip to content

Latest commit

 

History

History
46 lines (38 loc) · 1.74 KB

Code.md

File metadata and controls

46 lines (38 loc) · 1.74 KB

图片It is not directly required to retrieve and verify in the jar package within the project It can be seen that not achieving one code at a time results in the verification code being continuously reused

Vulnerability Address: net\mingsoft\ms-basic\2.1.8\ms-basic-2.1.8-sources.jar!\net\mingsoft\basic\action

Vulnerability code:

@PostMapping(value = "/checkLogin")
    @ResponseBody
    public ResultData checkLogin(@ModelAttribute @ApiIgnore ManagerEntity manager, HttpServletRequest request, HttpServletResponse response) {
        LOG.debug("basic checkLogin");

        //验证码
        if (!(checkRandCode())) {
            return ResultData.build().error(getResString("err.error", this.getResString("rand.code")));
        }
        if(loginStrategy.login(manager)){
            return ResultData.build().success();
        }else {
            return ResultData.build().error(getResString("err.error", this.getResString("manager.name.or.password")));
        }

    }
}

protected boolean checkRandCode( String param) {
		if(!checkCode){
			return true;
		}
		String sessionCode = this.getRandCode();
		String requestCode = BasicUtil.getString(param);
		LOG.debug("session_code:" + sessionCode + " requestCode:" + requestCode);
		if (sessionCode.equalsIgnoreCase(requestCode)) {
			return true;
		}
		return false;
	}

Vulnerability verification: You can see that by modifying the password parameters, the value can be exploded and successfully verified. The code is reused 图片 图片