| 标题 | Beijing Yunfan Internet Technology Co., Ltd yfexam-exam 1.9.2 JWT defects |
|---|
| 描述 | Exiting login in src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl. java does not eliminate JWT, and this system JWT can be used universally. Any server using this system will be attacked. In the interface, change JWT to eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MzQ5NTQ2NjEsInVzZXJuYW1lIjoicGVyc29uIn0.6tEVOLvOYme17vn8p4UF2mTG2oxwtCPgHzgQ7Fxmgga4, and you can log in without logging in. Directly obtain administrator privileges for any system. |
|---|
| 来源 | ⚠️ https://github.com/qiutiandefeng/yfexam-exam/issues/6 |
|---|
| 用户 | LVZC (UID 74910) |
|---|
| 提交 | 2024-12-22 15時17分 (2 年前) |
|---|
| 管理 | 2025-01-01 12時31分 (10 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 289927 [Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2 JWT Token SysUserControl 弱身份验证] |
|---|
| 积分 | 20 |
|---|