
There is an access control vulnerability in Vblog

Open RacerZ-fighting opened this issue 1 year ago • 2 comments

Version: <= 0.0.1-SNAPSHOT

Branch: master branch

Description:

There is a privilege escalation vulnerability in Vblog, allowing an attacker to exploit it and perform arbitrary user registration with normal user permissions.

Sourcecode Analysis


In the org.sang.config.WebSecurityConfig#configure method, the /reg endpoint is configured to be accessible only by super administrators. However, the Spring Security authentication framework used by the application can be bypassed by appending a trailing / to the endpoint, allowing regular users to access the /reg interface.

Reproduce the vulnerability

Directly accessing the /reg endpoint returns a message indicating that it is accessible only to super administrators. (screenshot)

However, accessing /reg/ results in a privilege escalation. This allows regular users to arbitrarily register new users. (screenshots)

RacerZ-fighting avatar Dec 27 '24 14:12 RacerZ-fighting
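The defect described in the report is a path-matching mismatch: an Ant-style `antMatchers("/reg")` rule matches only the literal path, while Spring MVC (before Spring Framework 6) also routes `/reg/` to the same handler by default, so the trailing-slash variant falls through to whatever rule follows. The snippet below is an added illustration written for this page, not Vblog's own `WebSecurityConfig`; the role name, the login setup and the fallback rule are placeholders. It shows the weak matcher beside a form that covers the trailing-slash variant with the same rule.

```java
// Added example, not Vblog's own code. Role names and the fallback rule are placeholders.
// Spring Security 5 style (WebSecurityConfigurerAdapter), matching the report's
// org.sang.config.WebSecurityConfig#configure shape.
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class WebSecurityConfigExample extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Weak form (the pattern the report describes): an Ant matcher compares the
            // literal path, so "/reg/" never hits this rule and is decided by the
            // permissive fallback below, which any logged-in user satisfies.
            // .antMatchers("/reg").hasRole("ADMIN")

            // Corrected form: MvcRequestMatcher uses the same path matching as the
            // controller mapping, so "/reg" and "/reg/" are authorised by one rule.
            .mvcMatchers("/reg").hasRole("ADMIN")

            // Equivalent fix if Ant matchers must be kept: list both spellings.
            // .antMatchers("/reg", "/reg/").hasRole("ADMIN")

            // Fallback for everything else (placeholder).
            .anyRequest().authenticated()
            .and()
            .formLogin();
    }
}
```

A quick check after changing the matcher is to request both `/reg` and `/reg/` as a regular user and confirm that both are refused; if the application also exposes the endpoint with a different HTTP method or with URL-encoded variants, the same matcher should be exercised against those as well, since the underlying cause is any difference between what the security filter matches and what the MVC handler accepts.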

This is an automatic reply from my email system. Hello, I have received your email and will handle it as soon as possible. Thank you!

zhangruhong avatar Dec 27 '24 14:12 zhangruhong

Xiao Yan has received your email.

skyywj avatar Dec 27 '24 14:12 skyywj