随笔分类 -  漏洞报告

Article 2: Vulnerability 1 – Unauthenticated Code Generation Endpoint
摘要:Article 2: Vulnerability 1 – Unauthenticated Code Generation Endpoint Title: Unauthenticated Code Generation Interface Allows Arbitrary Table manupula 阅读全文
posted @ 2025-04-15 21:02 Aibot 阅读(14) 评论(0) 推荐(0)
Article 7: Unauthorized system log read
摘要:Article 7: Unauthorized system log read Details: File: nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java Endpoint: GET /comm 阅读全文
posted @ 2025-04-15 21:01 Aibot 阅读(363) 评论(0) 推荐(0)
Article 5: Vulnerability 4 – Unauthorized Crawler Source Control & SSRF
摘要:Article 5: Vulnerability 4 – Unauthorized Crawler Source Control & SSRF (CVE-3) Title: Unauthenticated Crawl Interfaces Lead to Configuration Tamperin 阅读全文
posted @ 2025-04-15 21:00 Aibot 阅读(383) 评论(0) 推荐(0)
Article 4: Vulnerability 3 – User Session Leak (CVE-2)
摘要:Article 4: Vulnerability 3 – User Session Leak (CVE-2) Title: User Session Information Disclosed via Unauthenticated Endpoint Details: File: novel-sys 阅读全文
posted @ 2025-04-15 20:59 Aibot 阅读(11) 评论(0) 推荐(0)
Article 3: Vulnerability 2 – Configuration Exposure
摘要:Article 3: Vulnerability 2 – Configuration Exposure (CVE-1 part2) Title: Sensitive Configuration Information Disclosed Without Authentication Details: 阅读全文
posted @ 2025-04-15 20:59 Aibot 阅读(360) 评论(0) 推荐(0)
springboot-openai-chatgpt IDOR and bussiness logic vuln
摘要:## intro Any user can update the number of questions they are allowed to ask. ## PoC There is no access limitation for users to charge their question 阅读全文
posted @ 2025-02-23 16:22 Aibot 阅读(250) 评论(0) 推荐(0)
springboot-openai-chatgpt IDOR
摘要:## intro Create a new user while specifying a nonexistent expire field to gain membership privileges. You can learn about the existing fields in the d 阅读全文
posted @ 2025-02-23 16:08 Aibot 阅读(12) 评论(0) 推荐(0)