Gửi #856719: zhinianboke xianyu-auto-reply main at or before 04580d6490b4731d0055f29736930d8cc59b60d6 CWE-650 Trusting HTTP Permission Methods on the Server Sidethông tin

tiêu đềzhinianboke xianyu-auto-reply main at or before 04580d6490b4731d0055f29736930d8cc59b60d6 CWE-650 Trusting HTTP Permission Methods on the Server Side
Mô tảA state-changing GET request vulnerability exists in zhinianboke/xianyu-auto-reply at commit 04580d6490b4731d0055f29736930d8cc59b60d6. The endpoint GET /api/v1/payment/withdraw/review performs withdrawal review actions based on URL query parameters id, action, and token. When action=approve, the route directly calls review_withdraw_record and changes the pending withdrawal record status to approved. Because approval is performed via GET, automated link scanners, mail security gateways, browser prefetching, previews, or embedded resource loads can trigger the sensitive state-changing action if they request a valid approval URL. Proof of concept: <img src="http://127.0.0.1:8089/api/v1/payment/withdraw/review?id=42&action=approve&token=<valid_token>"> Expected behavior: GET requests should be safe and must not approve financial workflow records. Approval should require POST and an authenticated authorized reviewer or a safe one-time confirmation flow. Vulnerable behavior: A GET request approves the withdrawal when the URL contains valid id, action, and token parameters. Impact: Pending withdrawal records can be approved unintentionally by link previews, mail scanners, or cross-site resource loading when a valid approval URL is visited or prefetched. Affected code: backend-web/app/api/routes/payment.py defines GET /withdraw/review and performs approval when action is approve.
Nguồn⚠️ https://github.com/zhinianboke/xianyu-auto-reply/issues/192
Người dùng
 Galaxyn (UID 98388)
Đệ trình12/06/2026 06:00 (cách đây 1 tháng)
Kiểm duyệt14/07/2026 17:51 (1 month later)
Trạng tháiđược chấp nhận
Mục VulDB378335 [zhinianboke xianyu-auto-reply trên Server review?action=approve]
điểm20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!