hustoj IDOR Vulunerability #1065
Comments
|
thank you for reporting! |
|
If it turns out to be a valid vulnerability, can I get a CVE id? |
|
I don't know how to give you one. |
|
But there's a case CVE-2022-42187 |
|
sorry for unfamiliar with the rules of sec, still don't know what ToDo to confirm your contibution. |
|
I don't use php very well. I just saw the possibility of a vulnerability and reported it, but if it's not valid, you can ignore it. Sorry again for not being helpful.... |
|
You are helping , the latest code is patched, just tell the administrator of the site you are using to update "thread.php" |
|
If you can help us translate the new added English words into Korean , that will be even helpful. |
|
Oh, was it a patched vulnerability? sry |
|
first , fork this project after save all the changes, create a pull request.
just browse the homepage of your fork, github might show a big green button for you to do it .
|
描述问题
IDOR Vulunerability (Improper Data Deletion) in
/thread.php?tid={TID}如何复现
Users can access deleted posts by manipulating the tid value
For example, even if a thread corresponding to tid 1 is created and deleted, it is still accessible by manipulating url query
/thread.php?tid=1Expected behavior
The deleted thread should not be accessible
Screenshots
SERVER OPTION
CSL HUSTOJ (release 24.01.30)
Modified by CSL 2025
GPLv2 licensed by HUSTOJ 2025
target: every device
The text was updated successfully, but these errors were encountered: