| 제목 | 274056675 springboot-openai-chatgpt No version commitID e84f6f5 IDOR |
|---|
| 설명 | Create a new user while specifying a nonexistent expire field to gain membership privileges. You can learn about the existing fields in the data table through the error messages.
## POC
When we create a new account int the system, we can add a new filed called ·expire_time·, with this field, we can access the VIP statement and use the VIP methods.
these fields can be found by the error msg returned by the backend. with these error msgs, we can write the correct expite_time key and value.
## Result
IDOR, with the logic error, we can access the VIP authorizations. |
|---|
| 원천 | ⚠️ https://www.cnblogs.com/aibot/p/18732250 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 02. 23. AM 09:09 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 14. PM 06:07 (19 days later) |
|---|
| 상태 | 중복 |
|---|
| VulDB 항목 | 299750 [274056675 springboot-openai-chatgpt e84f6f5 addData chatUserID 권한 상승] |
|---|
| 포인트들 | 0 |
|---|