Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

There is an access control vulnerability in Vblog #95

Open
RacerZ-fighting opened this issue Dec 27, 2024 · 2 comments
Open

There is an access control vulnerability in Vblog #95

RacerZ-fighting opened this issue Dec 27, 2024 · 2 comments

Comments

@RacerZ-fighting
Copy link

Version: <= 0.0.1-SNAPSHOT

Branch: master branch

Description:

There is a privilege escalation vulnerability in Vblog, allowing an attacker to exploit it and perform arbitrary user registration with normal user permissions.

Sourcecode Analysis

image

In the org.sang.config.WebSecurityConfig#configure method, the /reg endpoint is configured to be accessible only by super administrators.
However, the Spring Security authentication framework used by the application can be bypassed by appending a trailing / to the endpoint, allowing regular users to access the /reg interface.

Reproduce the vulnerablitity

Directly accessing the /reg endpoint returns a message indicating that it is accessible only to super administrators.
image
However, accessing /reg/ results in a privilege escalation. This allows regular users to arbitrarily register new users.
image
image
@zhangruhong
Copy link

zhangruhong commented Dec 27, 2024 via email

@skyywj
Copy link

skyywj commented Dec 27, 2024 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@zhangruhong @skyywj @RacerZ-fighting