Submit #622421: WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Incorrect Access Control

Title: WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Incorrect Access Control
Description:

Vendor of Product: https://github.com/WinterChenS/my-site/
Version: up to 1f7525f15934d9d6a278de967f6ec9f1757738d8
Branch: master

Problem: There is an authentication bypass vulnerability in my-site. An attacker can exploit it to reach the /admin/ API without any token.

The affected class is cn.luischen.interceptor.BaseInterceptor and the affected method is preHandle. The interceptor calls normalizeRequestUri to obtain the request path and then checks whether the URI satisfies isAdminPath but does not start with one of the exempt prefixes (/admin/login, /admin/css, etc.). If that condition is not met, it returns true and the request proceeds; otherwise it blocks the request and redirects to the login page.

Although normalizeRequestUri applies some normalization to the raw path (URL decoding, lowercasing and slash collapsing), its handling of semicolons simply truncates the path at the first semicolon. That is the flaw: the interceptor evaluates the truncated prefix, while the servlet container strips the ";..." path parameter from the segment and then resolves "..", so the request is routed to a different handler than the one the interceptor checked. An attacker can exploit this with a path of the form /admin/login;/../<sensitive-path>.

Taking the backend interface /admin/article/publish as an example: a request to /admin/login;/../article/publish is seen by the interceptor as /admin/login, which matches an exempt prefix, so the BaseInterceptor lets it through, and the container dispatches it to /admin/article/publish, which allows publishing arbitrary articles. Requesting http://127.0.0.1:8089/admin/article/publish directly results in a redirect to the admin login page, whereas requesting http://127.0.0.1:8089/admin/login;/../article/publish bypasses the authentication check and publishes an arbitrary article.
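The mismatch described above, as an added Python model that is not part of my-site or of the submission: one function reproduces the interceptor's normalization (decode, lowercase, collapse slashes, truncate at ";") and the allow/deny decision it makes, a second models how a servlet container such as Tomcat derives the path it actually routes on (strip ";params" per segment, then resolve ".."), and a third applies the same policy to that routed path. The exempt-prefix list LOGIN_EXEMPT_PREFIXES is an assumption abbreviated from the advisory's "/admin/login, /admin/css, etc."; the function names are illustrative, not the project's.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed exempt prefixes; the advisory names /admin/login and /admin/css "etc."
LOGIN_EXEMPT_PREFIXES = ("/admin/login", "/admin/css")


def vulnerable_normalize(uri: str) -> str:
    """Model of the normalization the advisory describes: URL-decode,
    lowercase, collapse repeated slashes, then cut the path at the first ';'.
    The truncation is the flaw: everything after the semicolon, including a
    '/../' traversal, is discarded before the access check sees it."""
    path = unquote(uri).lower()
    path = re.sub(r"/+", "/", path)
    return path.split(";", 1)[0]


def is_admin_path(path: str) -> bool:
    return path.startswith("/admin/")


def vulnerable_prehandle_allows(uri: str) -> bool:
    """True if the modelled interceptor lets the request through to the
    handler, False if it would redirect to the login page."""
    path = vulnerable_normalize(uri)
    if is_admin_path(path) and not path.startswith(LOGIN_EXEMPT_PREFIXES):
        return False
    return True


def container_path(uri: str) -> str:
    """Model of how a servlet container such as Tomcat derives the path it
    routes on: decode, strip the ';params' suffix from each segment, then
    resolve '.' and '..'. Access checks must be evaluated against this path."""
    segments = [seg.split(";", 1)[0] for seg in unquote(uri).split("/")]
    return posixpath.normpath("/".join(segments))


def hardened_prehandle_allows(uri: str) -> bool:
    """Same policy as the vulnerable check, but applied to the path the
    container will actually dispatch, so ';' and '..' collapse to the real
    target before the prefix comparison is made."""
    path = re.sub(r"/+", "/", container_path(uri).lower())
    if ".." in path.split("/"):  # anything normpath could not resolve
        return False
    if is_admin_path(path) and not path.startswith(LOGIN_EXEMPT_PREFIXES):
        return False
    return True


if __name__ == "__main__":
    for uri in ("/admin/article/publish", "/admin/login;/../article/publish"):
        print(uri, "-> routed as", container_path(uri),
              "| vulnerable allows:", vulnerable_prehandle_allows(uri),
              "| hardened allows:", hardened_prehandle_allows(uri))
```

The general lesson the model shows is that an interceptor must decide on the same path representation the container dispatches on; any normalization it performs itself (decoding, truncating at ";", collapsing slashes) that the container does differently opens a gap between "what was checked" and "what runs".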
Source: https://github.com/WinterChenS/my-site/issues/97
User: fushuling (UID 45488)
Submission: 07/25/2025 15:15
Moderation: 08/10/2025 13:20 (16 days later)
Status: Accepted
VulDB entry: 319372 [WinterChenS my-site up to 1f7525f15934d9d6a278de967f6ec9f1757738d8 Backend Interface /admin/ preHandle uri improper authentication]
Points: 20
