Submission #505690: springboot-openai-chatgpt 274056675 No version commitID e84f6f5 Business Logic Errors

Information

Title: springboot-openai-chatgpt 274056675 No version commitID e84f6f5 Business Logic Errors
Description: Least Privilege Violation, control any invitations to refresh the attacker's own balance or create a new account with a specified high number usage times.

## POC

The API `api/mjkj-chat/cgform-api/addData/${chatUserID}` is used by managers to add data. However, its permission check can be bypassed with arbitrary user add controller, allowing normal users to execute this API successfully by exploiting the `chatUserID` parameter, which can be found in the normal chat history.

1. A normal user logs into the system and retrieves the `chatUserID` from their chat history.
2. Without any permission validation, the user sends a request to the `addData` API, using the `chatUserID` parameter they obtained.

```
POST /api/mjkj-chat/cgform-api/addData/${chatUserID}
{ "data": "malicious data" }
```

Since the API lacks a proper permission check, the normal user can successfully add data on behalf of the target user. More details can be found in the code slice.
Source: https://www.cnblogs.com/aibot/p/18732250
User: Anonymous User
Submitted: 23/02/2025 09:03 AM (1 year ago)
Moderation: 14/03/2025 06:07 PM (19 days later)
Status: Approved
VulDB Entry: 299750 [274056675 springboot-openai-chatgpt e84f6f5 addData chatUserID privilege escalation]
Points: 20
