제출 #467701: Beijing Yunfan Internet Technology Co., Ltd yfexam-exam 1.9.2 JWT defects정보

제목Beijing Yunfan Internet Technology Co., Ltd yfexam-exam 1.9.2 JWT defects
설명Exiting login in src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl. java does not eliminate JWT, and this system JWT can be used universally. Any server using this system will be attacked. In the interface, change JWT to eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MzQ5NTQ2NjEsInVzZXJuYW1lIjoicGVyc29uIn0.6tEVOLvOYme17vn8p4UF2mTG2oxwtCPgHzgQ7Fxmgga4, and you can log in without logging in. Directly obtain administrator privileges for any system.
원천⚠️ https://github.com/qiutiandefeng/yfexam-exam/issues/6
사용자
 LVZC (UID 74910)
제출2024. 12. 22. PM 03:17 (1 년도 ago)
모더레이션2025. 01. 01. PM 12:31 (10 days later)
상태수락
VulDB 항목289927 [Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 JWT Token SysUserControl 약한 인증]
포인트들20

이전개요다음

Interested in the pricing of exploits?

See the underground prices here!