Submission #622421: WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Incorrect Access Control

Title: WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Incorrect Access Control
Description: [Vendor of Product] https://github.com/WinterChenS/my-site/ Version: up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Branch: master

Problem: There is an authentication bypass vulnerability in my-site. An attacker can exploit this vulnerability to access the /admin/ API without any token.

The affected source code class is cn.luischen.interceptor.BaseInterceptor, and the affected function is preHandle. In the filter code, normalizeRequestUri is used to obtain the request path, and then it is determined whether the uri meets isAdminPath but does not start with /admin/login, /admin/css, etc. If the condition is not met, it executes return true to bypass the Interceptor. Otherwise, it blocks the current request and redirects to the login page.

Although some normalization is applied to the original URL path, such as URL decoding, lowercasing, and slash collapsing, the handling of semicolons here simply truncates the path, which is problematic. An attacker can exploit this by using a path like /admin/login;/../<sensitive-path> to bypass access restrictions.

Taking one of the backend interfaces, /admin/article/publish, as an example: using /admin/login;/../article/publish bypasses the BaseInterceptor and at the same time allows publishing any article. Accessing http://127.0.0.1:8089/admin/article/publish directly results in a redirect to the admin login page. However, accessing http://127.0.0.1:8089/admin/login;/../article/publish bypasses the authentication check and publishes an arbitrary article.
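To make the truncation flaw concrete, here is an added Python model of the check. It is not code from the my-site project: the vulnerable normalizer is reconstructed from the description above (URL-decode, lowercase, collapse slashes, cut at the first ';'), the public prefixes are limited to the two the report names (/admin/login, /admin/css), and the hardened normalizer assumes the container strips ';param' per path segment and resolves '..' before dispatch, which is why the bypassed request lands on /admin/article/publish.

```python
"""Model of the ';' truncation bypass in an /admin/ interceptor check.

Added example, reconstructed from the issue text; the project's real
normalizeRequestUri and whitelist may differ in details.
"""
import posixpath
import re
from urllib.parse import unquote

# Prefixes let through without a token. The report lists /admin/login and
# /admin/css "etc."; only those two are modelled here (assumption).
PUBLIC_ADMIN_PREFIXES = ("/admin/login", "/admin/css")


def normalize_vulnerable(uri: str) -> str:
    """Reconstruction of the flawed normalizer: everything after the first
    ';' is dropped, so '/admin/login;/../x' collapses to '/admin/login'."""
    uri = unquote(uri).lower()
    uri = re.sub(r"/+", "/", uri)
    semi = uri.find(";")
    if semi != -1:
        uri = uri[:semi]
    return uri


def normalize_hardened(uri: str) -> str:
    """Strip ';param' from each segment (keeping the segment itself), then
    resolve '.' and '..', so the path that is checked is the path that is
    dispatched. Assumes container-style matrix-parameter handling."""
    uri = unquote(uri).lower()
    segments = []
    for seg in uri.split("/"):
        seg = seg.split(";", 1)[0]  # drop matrix params, keep 'login'
        if seg:
            segments.append(seg)
    return posixpath.normpath("/" + "/".join(segments))


def pre_handle(uri: str, normalizer) -> bool:
    """Mirror of the interceptor's decision: True lets the request through
    (the report's 'return true'), False means redirect to the login page."""
    path = normalizer(uri)
    is_admin = path.startswith("/admin/")
    is_public = any(path.startswith(p) for p in PUBLIC_ADMIN_PREFIXES)
    if is_admin and not is_public:
        return False
    return True


def demo() -> dict:
    """Run the two URLs from the report through both normalizers."""
    direct = "/admin/article/publish"
    bypass = "/admin/login;/../article/publish"
    return {
        "vulnerable": {
            direct: pre_handle(direct, normalize_vulnerable),   # False
            bypass: pre_handle(bypass, normalize_vulnerable),   # True: bypass
        },
        "hardened": {
            direct: pre_handle(direct, normalize_hardened),     # False
            bypass: pre_handle(bypass, normalize_hardened),     # False
        },
        "dispatched_as": normalize_hardened(bypass),            # /admin/article/publish
    }


if __name__ == "__main__":
    for name, results in demo().items():
        print(name, results)
```

The hardened version only helps if its view of the path matches the dispatcher's; in the real Spring MVC code the safer option is to check the path the container itself resolved (the servlet path after its own normalization) rather than re-normalizing the raw request URI with a second, slightly different algorithm.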
Source: https://github.com/WinterChenS/my-site/issues/97
User: fushuling (UID 45488)
Submission: 2025-07-25 15:15 (9 months ago)
Moderation: 2025-08-10 13:20 (16 days later)
Status: Accepted
VulDB entry: 319372 [WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Backend Interface /admin/ preHandle uri weak authentication]
Points: 20
