| tiêu đề | JPShop JPShop <=1.5.02 Auth-Bypass |
|---|
| Mô tả | The JPShop application, specifically versions up to and including 1.5.02, is vulnerable to an authentication bypass due to the use of a hardcoded key within the api/config/params.php file. This key is used in conjunction with the TokenFilter.php to generate access tokens. An attacker can exploit this by crafting a malicious token using the fixed key and the provided Python script, which handles the token encoding and decoding process. Once the attacker has the token, it can be used to gain unauthorized access to the admin API endpoints, allowing them to perform actions with administrative privileges. |
|---|
| Nguồn | ⚠️ https://note.zhaoj.in/share/XblX1My7jNV7 |
|---|
| Người dùng | glzjin (UID 59815) |
|---|
| Đệ trình | 04/02/2024 08:33 (cách đây 2 những năm) |
|---|
| Kiểm duyệt | 06/02/2024 09:29 (2 days later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 252997 [Juanpao JPShop đến 1.5.02 API api/config/params.php JWT_KEY_ADMIN mã hóa yếu] |
|---|
| điểm | 20 |
|---|