assigning cve request platform #5 获取所有品牌数据的列表,

Product:platform v1.0 
url:https://gitee.com/fuyang_lipengjun/platform
star: 27.5
 

Vulnerability Report

  • Product: platform

  • URL: http://host/brand/queryAll

  • Title: Broken Function Level Authorization in BrandController's queryAll Method

  • PoC (Proof of Concept):

    1. Log in to the application with any user account, including those with low privileges.

    2. Send a GET request to the endpoint http://host/brand/queryAll.

    3. The server returns a complete list of brand information. This data should typically be restricted to users with administrative privileges.

  • Effect: The queryAll method in the BrandController class lacks any permission checks. This allows any authenticated user, regardless of their assigned roles or permissions, to access the list of all brand data, leading to unauthorized information disclosure.

  • Finder: aibot88 @secsys from Fudan university

漏洞申请报告

  • 产品: platform

  • URL: http://host/brand/queryAll

  • 标题: BrandController的queryAll方法中存在broken function level authorization (BFLA)

  • PoC (Proof of Concept):

    1. 使用任意权限的用户(包括低权限用户)登录系统。

    2. 向URL http://host/brand/queryAll 发送GET请求。

    3. 服务器返回了所有品牌信息的列表。这些数据通常只应由管理员访问。

  • 影响: BrandController 类中的 queryAll 方法没有进行任何权限验证。这允许任何已认证的用户,无论其角色或权限如何,都能够获取所有品牌数据的列表,导致未经授权的信息泄露。

  • 发现者: aibot88 @secsys from Fudan university

posted @ 2025-08-28 20:30  Aibot  阅读(340)  评论(0)    收藏  举报