myblog 1.0 has global unauthorized access #1

LvZCh opened this issue Dec 26, 2024 · 0 comments
LvZCh commented Dec 26, 2024

Source code name: myblog
Source code version: 1.0
Source code download link: https://github.com/ZeroWdd/myblog/archive/refs/heads/master.zip

Code Audit:
In src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java, permission verification was not performed on the admin path, resulting in unauthorized access.

Vulnerability exploitation:
Open directly: http://192.168.0.102:8080/admin/index
You can obtain all system permissions without logging in
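
One way to close the gap this issue describes, as an added example that is not part of the original report or of the myblog code base: a Spring MVC interceptor registered for the whole `/admin/**` tree. It assumes Spring Boot 2.x (`javax.servlet`) and a login handler that stores the user in the session; the class name `AdminGuardMvcConfig`, the session key `loginUser` and the login path `/admin/login` are hypothetical.

```java
package example.hardening; // hypothetical package, not the project's own

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class AdminGuardMvcConfig implements WebMvcConfigurer {

    // Assumed names: the session key set by the login handler, and the login URL.
    static final String SESSION_USER_KEY = "loginUser";
    static final String LOGIN_PATH = "/admin/login";

    /** Stops any admin request that carries no authenticated session. */
    static class AdminLoginInterceptor implements HandlerInterceptor {
        @Override
        public boolean preHandle(HttpServletRequest request,
                                 HttpServletResponse response,
                                 Object handler) throws Exception {
            // getSession(false): never create a session for an anonymous caller.
            HttpSession session = request.getSession(false);
            if (session != null && session.getAttribute(SESSION_USER_KEY) != null) {
                return true; // authenticated: continue to the controller
            }
            if ("XMLHttpRequest".equals(request.getHeader("X-Requested-With"))) {
                // AJAX callers get a status code instead of an HTML redirect.
                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            } else {
                response.sendRedirect(request.getContextPath() + LOGIN_PATH);
            }
            return false; // end the handler chain: the admin controller never runs
        }
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(new AdminLoginInterceptor())
                .addPathPatterns("/admin/**")      // deny by default for the whole admin tree
                .excludePathPatterns(LOGIN_PATH);  // only the login endpoint stays public
    }
}
```

With this in place, an unauthenticated request to `/admin/index` is redirected to the login page instead of reaching the controller.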