| عنوان | 274056675 springboot-openai-chatgpt No version commitID e84f6f5 IDOR |
|---|
| الوصف | Create a new user while specifying a nonexistent expire field to gain membership privileges. You can learn about the existing fields in the data table through the error messages.
## POC
When we create a new account int the system, we can add a new filed called ·expire_time·, with this field, we can access the VIP statement and use the VIP methods.
these fields can be found by the error msg returned by the backend. with these error msgs, we can write the correct expite_time key and value.
## Result
IDOR, with the logic error, we can access the VIP authorizations. |
|---|
| المصدر | ⚠️ https://www.cnblogs.com/aibot/p/18732250 |
|---|
| المستخدم | Anonymous User |
|---|
| ارسال | 23/02/2025 09:09 AM (1 سنة منذ) |
|---|
| الاعتدال | 14/03/2025 06:07 PM (19 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 299750 [274056675 springboot-openai-chatgpt e84f6f5 addData chatUserID تجاوز الصلاحيات] |
|---|
| النقاط | 0 |
|---|