| 제목 | 201206030 novel-plus commitID 0e156c04b4b7ce0563bef6c97af4476fcda8f160 broken function level authorization |
|---|
| 설명 | # GeneratorController Unauthorized Remote Code Generation
- Location:
- file: novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java
- Endpoints:
1. POST /genCode
- Method: public R genCode(String tableName)
- Risk: Triggers backend code generation for arbitrary tables
- CWE: CWE-306: Missing Authentication for Critical Function
- PoC: curl -X POST "http://target-ip:port/genCode" -d "tableName=user" |
|---|
| 원천 | ⚠️ https://www.cnblogs.com/aibot/p/18827469 |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2025. 04. 15. PM 02:47 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 04. 27. PM 07:53 (12 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 306372 [20120630 Novel-Plus 까지 0e156c04b4b7ce0563bef6c97af4476fcda8f160 GeneratorController.java genCode 약한 인증] |
|---|
| 포인트들 | 20 |
|---|