Version:
ALL
Description:
On pages like /system/back/jwSystemUser/list.do, the permission check can be bypassed by URL-encoding "back" or by requesting list.bbbb, resulting in unauthorized access.
Screenshots:
Without admin permission, a normal request to /system/back/jwSystemUser/list.do returns 401.
But a request such as http://demo.jeewx.com/system/ba%63k/jwSystemUser/list.bbbb
is displayed by the page.
Likewise, a request to http://demo.jeewx.com/system/ba%63k/jwSystemUser/list.do
returns normally:
The first main problem is at
https://github.com/zhangdaiscott/jeewx-boot/blob/master/jeewx-boot-base-system/src/main/java/com/jeecg/p3/system/interceptors/LoginInterceptor.java#L113
which returns true when list is null.
The second problem is at:
https://github.com/zhangdaiscott/jeewx-boot/blob/master/jeewx-boot-base-system/src/main/java/com/jeecg/p3/system/interceptors/LoginInterceptor.java#L51
After URL encoding, requestPath.index("/back/") does not match, returns -1, and the function returns true.
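Added example, not jeewx-boot's own code: a hypothetical hardened check that addresses the two defects the report describes, deciding on a canonicalized path rather than the raw one and treating a null permission list as no permissions. It goes slightly beyond the report by also undoing double percent-encoding; the class name, method names and the `grantedFunctions` list are assumptions.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

// Hypothetical hardened version of the two checks the report describes (not jeewx-boot code).
public class BackPathGuard {
    // Canonicalize before any authorization decision: decode percent-encoding until
    // stable (catches ba%63k and double-encoded ba%2563k), collapse repeated slashes,
    // and drop the extension so list.bbbb and list.do map to the same resource.
    static String canonicalize(String rawPath) {
        String p = rawPath;
        for (int i = 0; i < 3; i++) {
            String decoded = URLDecoder.decode(p, StandardCharsets.UTF_8);
            if (decoded.equals(p)) break;
            p = decoded;
        }
        p = p.replaceAll("/+", "/");
        int lastSlash = p.lastIndexOf('/');
        int dot = p.lastIndexOf('.');
        if (dot > lastSlash) p = p.substring(0, dot);
        return p;
    }
    // Decide on the canonical path, never on the raw one. A missing or empty
    // permission list means "no permissions", so back-office paths are denied.
    static boolean isAllowed(String rawPath, List<String> grantedFunctions) {
        String path;
        try {
            path = canonicalize(rawPath);
        } catch (IllegalArgumentException malformedEncoding) {
            return false; // undecodable input: fail closed rather than fall through
        }
        if (!path.contains("/back/")) return true; // outside the admin area
        if (grantedFunctions == null || grantedFunctions.isEmpty()) return false;
        return grantedFunctions.stream().map(BackPathGuard::canonicalize).anyMatch(path::equals);
    }
    public static void main(String[] args) {
        List<String> noGrants = null; // the null case the report points at
        String[] probes = {
            "/system/back/jwSystemUser/list.do",
            "/system/ba%63k/jwSystemUser/list.do",
            "/system/ba%63k/jwSystemUser/list.bbbb",
            "/system/ba%2563k/jwSystemUser/list.do",
        };
        for (String p : probes) System.out.println(p + " -> allowed=" + isAllowed(p, noGrants));
        List<String> adminGrants = List.of("/system/back/jwSystemUser/list.do");
        System.out.println("with grant -> allowed=" + isAllowed(probes[0], adminGrants));
    }
}
```

Note that `URLDecoder` also turns `+` into a space; if the application relies on literal `+` in paths, decode with a percent-only routine instead.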