Title | wander-chu SpringBoot-Blog 1.0 permission bypass |
---|
Description | src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java The preHandle method in has permission bypass, and POST requests sent can bypass login and modify website content as long as the path does not start with/admin |
---|
Source | ⚠️ https://github.com/wander-chu/SpringBoot-Blog/issues/4 |
---|
User | LVZC2 (UID 76821) |
---|
Submission | 12/28/2024 09:54 AM (1 month ago) |
---|
Moderation | 01/08/2025 03:51 PM (11 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 290793 [wander-chu SpringBoot-Blog 1.0 HTTP POST Request BaseInterceptor.java preHandle access control] |
---|
Points | 16 |
---|