springboot-openai-chatgpt privilege leakage

## Intro

On the management side, ordinary users suffer from privilege leakage that allows them to add new accounts. As a result, they exceed their authority and can create super administrator accounts.

## PoC

For `api/blade-user/submit`, there is no permission check, so any logged-in user (even an ordinary user) can invoke this method to create new administrators.

For more details, see the code implementation.
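The missing check described above can be closed with a server-side authorization guard on the submit endpoint. The following is an added example written for this page, not code from the springboot-openai-chatgpt project; the class, service and request type names (`UserSubmitController`, `UserService`, `UserSubmitRequest`) and the role names `ROLE_ADMIN` / `ROLE_SUPER_ADMIN` are assumptions.

```java
// Added example (not the project's own code): a hardened "submit" endpoint.
// UserService, UserSubmitRequest and the role names are assumed placeholders.
import java.util.Set;
import org.springframework.http.ResponseEntity;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/api/blade-user")
public class UserSubmitController {

    private static final String SUPER_ADMIN = "ROLE_SUPER_ADMIN";

    private final UserService userService; // hypothetical service that persists users

    public UserSubmitController(UserService userService) {
        this.userService = userService;
    }

    // First gate: only administrators may reach this endpoint at all.
    // The bug on this page is the absence of such a check, which lets any
    // logged-in user call submit. Requires @EnableMethodSecurity in the config.
    @PreAuthorize("hasAnyRole('ADMIN', 'SUPER_ADMIN')")
    @PostMapping("/submit")
    public ResponseEntity<Void> submit(@RequestBody UserSubmitRequest req,
                                       Authentication auth) {
        Set<String> requested = req.getRoles();
        // Second gate: a caller may never grant a role they do not hold.
        // This stops an ordinary admin from minting a super administrator.
        if (requested.contains(SUPER_ADMIN) && !hasAuthority(auth, SUPER_ADMIN)) {
            throw new AccessDeniedException("cannot assign a role above your own");
        }
        userService.create(req);
        return ResponseEntity.ok().build();
    }

    private static boolean hasAuthority(Authentication auth, String role) {
        return auth.getAuthorities().stream()
                .map(GrantedAuthority::getAuthority)
                .anyMatch(role::equals);
    }
}
```

Both gates run on the server from the authenticated principal, so hiding the menu item on the management UI is not relied on; a direct POST to the path is rejected before any user record is written.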


## Result

Data leakage and, even worse, account takeover can be achieved through this vulnerability.

posted @ 2025-02-23 15:45 Aibot