| Title | WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Incorrect Access Control |
|---|---|
**Description**

[Vendor of Product] https://github.com/WinterChenS/my-site/
Version: up to 1f7525f15934d9d6a278de967f6ec9f1757738d8
Branch: master

Problem:

There is an authentication bypass vulnerability in my-site. An attacker can exploit this vulnerability to access the /admin/ API without any token.

The affected source code class is cn.luischen.interceptor.BaseInterceptor, and the affected function is preHandle. The filter code uses normalizeRequestUri to obtain the request path and then determines whether the URI matches isAdminPath but does not start with /admin/login, /admin/css, etc. If the condition is not met, it executes `return true` and the request passes the interceptor. Otherwise, it blocks the current request and redirects to the login page.

Although some normalization is applied to the original URL path, such as URL decoding, lowercasing, and slash collapsing, the handling of semicolons here simply truncates the path, which is problematic. An attacker can exploit this by using a path like /admin/login;/../<sensitive-path> to bypass access restrictions.

Taking one of the backend interfaces, /admin/article/publish, as an example: using /admin/login;/../article/publish bypasses the BaseInterceptor and at the same time allows publishing any article.

Accessing http://127.0.0.1:8089/admin/article/publish directly results in a redirect to the admin login page.
However, accessing http://127.0.0.1:8089/admin/login;/../article/publish bypasses the authentication check and publishes an arbitrary article.
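As an added example, not code from the my-site project or the report author: the normalization the description says the interceptor should have performed. Path parameters (`;...`) are stripped per segment instead of truncating the whole path, dot segments are resolved afterwards, and anything that cannot be normalized fails closed. The method names `normalizeRequestUri`, `isAdminPath`, `isPublicAdminPath` and `requiresAuthentication` are assumed and only mirror the names used in the report; the sample paths in `main` are constructed.

```java
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.ArrayDeque;
import java.util.Deque;

/**
 * Added example, not code from the my-site project. Canonicalizes a request
 * path so that path parameters, dot segments and repeated slashes cannot
 * change which branch an interceptor takes. Method names are assumed.
 */
public final class StrictUriNormalizer {

    /** Returns a canonical lower-cased path, or null if the input cannot be normalized safely. */
    public static String normalizeRequestUri(String rawUri) {
        if (rawUri == null) {
            return null;
        }
        String uri = rawUri;
        int query = uri.indexOf('?');
        if (query >= 0) {
            uri = uri.substring(0, query);   // the query string never takes part in routing
        }
        // Decode exactly once. URLDecoder also maps '+' to a space, which is
        // harmless for a path comparison. A path that still contains '%'
        // afterwards was double-encoded and is rejected instead of decoded again.
        uri = URLDecoder.decode(uri, StandardCharsets.UTF_8);
        if (uri.indexOf('%') >= 0 || uri.indexOf('\\') >= 0) {
            return null;
        }
        Deque<String> segments = new ArrayDeque<>();
        for (String segment : uri.split("/")) {   // "//" yields an empty segment, dropped below
            int semicolon = segment.indexOf(';');
            if (semicolon >= 0) {
                // Drop the path parameter of THIS segment only; the remaining
                // segments, including any "..", are still processed.
                segment = segment.substring(0, semicolon);
            }
            if (segment.isEmpty() || segment.equals(".")) {
                continue;
            }
            if (segment.equals("..")) {
                if (!segments.isEmpty()) {
                    segments.removeLast();     // ".." resolves against the segments seen so far
                }
                continue;
            }
            segments.addLast(segment.toLowerCase());
        }
        StringBuilder canonical = new StringBuilder();
        for (String segment : segments) {
            canonical.append('/').append(segment);
        }
        return canonical.length() == 0 ? "/" : canonical.toString();
    }

    public static boolean isAdminPath(String canonical) {
        return canonical != null
                && (canonical.equals("/admin") || canonical.startsWith("/admin/"));
    }

    /** Admin sub-paths reachable without a session (mirrors the allow list named in the report). */
    public static boolean isPublicAdminPath(String canonical) {
        return canonical != null
                && (canonical.startsWith("/admin/login") || canonical.startsWith("/admin/css"));
    }

    /** The decision preHandle has to make: true means the request must carry a valid session. */
    public static boolean requiresAuthentication(String rawUri) {
        String canonical = normalizeRequestUri(rawUri);
        if (canonical == null) {
            return true;                       // fail closed on anything that could not be normalized
        }
        return isAdminPath(canonical) && !isPublicAdminPath(canonical);
    }

    public static void main(String[] args) {
        // Constructed sample paths: the direct admin path, the path from the
        // report, a path with a doubled slash and a legitimately public path.
        String[] samples = {
            "/admin/article/publish",
            "/admin/login;/../article/publish",
            "/admin//login",
            "/admin/login",
        };
        for (String sample : samples) {
            System.out.printf("%-36s -> %-24s auth required: %b%n",
                    sample, normalizeRequestUri(sample), requiresAuthentication(sample));
        }
    }
}
```

With this ordering the report's path `/admin/login;/../article/publish` canonicalizes to `/admin/article/publish` and lands on the authenticated branch, because the `;` only removes the parameter from the `login` segment and the following `..` then pops that segment. In a Spring MVC application the same effect can be had without hand-rolled normalization by matching against the path the framework has already resolved (Spring's `UrlPathHelper` strips semicolon content by default); the point of the example is that whichever path the allow-list check sees must be the fully canonical one, not a prefix of it.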
| Field | Value |
|---|---|
| Source | https://github.com/WinterChenS/my-site/issues/97 |
| User | fushuling (UID 45488) |
| Submitted | 2025-07-25 03:15 PM (9 months ago) |
| Moderation | 2025-08-10 01:20 PM (16 days later) |
| Status | Accepted |
| VulDB Entry | 319372 [WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Backend Interface /admin/ preHandle uri weak authentication] |
| Points | 20 |