mysiteforme权限管理系统是作者学习springBoot时基于springBoot开发的一套轻量级的系统脚手架,可以以此形成一套属于自己的系统后台 ,自动生成前后台基本代码;使用Spring Boot、Shiro、MyBatis、Layui等框架,包含:用户管理、角色管理、权限管理、资源管理、数据库管理、源码生成、调度管理等
Home Page: https://admin.mysiteforme.com
License: Apache License 2.0
Hello,I found a sql injection vulnerability in project with CodeQL(openSourced by GitHub) that I wroten a ql script.There is detail.
src/main/java/com/mysiteforme/admin/controller/system/TableController.java:393:
public RestResponse delete(@RequestParam(value = "tableName",required = false)String tableName){
if(StringUtils.isBlank(tableName)){
return RestResponse.failure("数据表名称不能为空");
}
if(tableName.contains("sys_")){
return RestResponse.failure("不能删除系统表");
}
tableService.dropTable(tableName);
return RestResponse.success();
}
Parameter tableName is entrance, goto dropTable(tableName) function:
@Override
public void dropTable(String tableName) {
tableDao.dropTable(tableName);
dictService.deleteByTableName(tableName);
}
the function will invoke tableDao.dropTable(tableName), goto it and get mybatis sqlStatement:
<update id="dropTable" parameterType="java.lang.String">
drop table ${tableName}
</update>
${tableName} will joint value of tableName where user input to sqlStatement, user could input a sql substatement to change the original sql or do something evil . It's a standard sql injection vuln.
this project is good enough that gained many stars. Expect your patch, thanks.
https://www.mysiteforme.com/categories/
分类 | 孤独的旅行家
创建用户没有初始密码吗?
https://www.mysiteforme.com/tags/
标签 | 孤独的旅行家
请问这个后台系统有对应的前台博客网站吗
The problem exists in the "FileController.java",You can see that there is no filtering in the code:
The code use "HttpURLConnection" to connection the URL directly.
And this leads to a SSRF.
The port is open:
The port is closed:
The problem code
Controllable URL parameters
Vulnerability validation
The DNS platform received the request. Procedure
有没有对接cas啊 我想对接cas发现好复杂
The problem exists in the "BlogTagsController.java",You can see that there is no filtering in the code:
The code use "${" to splice the parameters directly in the "BlogTagsMapper.xml".
And this leads to a SQL injection.
https://www.mysiteforme.com/2019/05/23/hello-world/
Welcome to Hexo! This is your very first post. Check documentation for more info. If you get any problems when using Hex
保存编辑角色数据的时候出现如果没有选择权限提交的时候会报错,建议后台增加判断,避免出现这种没有选择请分配角色权限的时候提交出现控制台直接报错我已经在自己的仓库添加这个这edit.ftl和add.ftl增加测试可以使用。
if (role.getMenuSet() == null || role.getMenuSet().size() == 0){
return RestResponse.failure("角色权限不能为空,请分配角色权限!");
}
让别人更加了解项目
求layui-treetable里面的layui资源文件 因为项目中权限用到的资源路径为https://static.mysiteforme.com/
导致国内网络经常访问不到 求share一份
登录系统后,通过菜单任意打开一个菜单,然后F5刷新,会停留在最新打开的界面,切换到首页发现图表不显示了
我看来有生成代码的功能,有没有说明可以看一下,谢谢你~
七牛的工程师已经给了我们区分的具体的算法了,他是根据文件大小进行分别计算,写的非常好,文件地址:https://github.com/qiniu/qetag/blob/master/QETag.java写法如下:
1234567891011
css,js 引用了https://static.mysiteforme.com
这个域名的文件,这个域名一挂岂不是都死了
Cross SIte Scripting (XSS) vulnerability exists in mysiteforme
By accessing the add blog tag function in the blog tag in the background blog management, and inserting the
< script > alert ("XSS") < / script > code, it will be found that an XSS window will pop up on the page after adding successfully.
[Vulnerability Type]
Cross Site Scripting (XSS)
[Vendor of Product]
https://github.com/wangl1989/mysiteforme
[Affected Component]
POST /admin/blogTags/add HTTP/1.1
Host: localhost:8081
Content-Length: 65
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
Accept: /
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:8081
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8081/admin/blogTags/add
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_acc69acbc4e6d4c69ecf77725d072490=1628729888; Hm_lvt_cd8218cd51f800ed2b73e5751cb3f4f9=1629343346; Hm_lvt_1cd9bcbaae133f03a6eb19da6579aaba=1629683228; Hm_lvt_1040d081eea13b44d84a4af639640d51=1629783006; UM_distinctid=17b76a322159-028d8115bdecb5-3373266-e1000-17b76a32216401; CNZZDATA1255091723=2008929866-1629783007-http%253A%252F%252Flocalhost%253A8080%252F%7C1629783007; _jspxcms=5db6fb498e1443a5be36a3e370535190; _ga=GA1.1.795989054.1631684216; Hm_lvt_8b02a318fde5831da10426656a43d03c=1634114003; JSESSIONID=97051b6c-9fd6-4b2b-a376-282138ee5c91; rememberMe=JpUJ/dmhUExBYZwuZPUqbnXzBEBuBNq2AsV+KoDW3MSp3nqhNUCEFIXXSDvPhHI0YjsTa3dt/+GhbHR3jgQolO1npu3mcTPhDjXKr7U3wX4+PU/U+EnKAgfpPv3UZEsKR2W9rG842kYfHCc758C0FlgJHkFIoeDE+quEZfXu4w8X8M9Fzn1TTCvd2tzbcIRwtOJUeoh8Rmw3DPZXAeHtgJFjdNe/e9Ncq82KD/jO/rQFlvOkKTs10Ku6GagZWDhArGfq4d+pD6HM9FSH8t1eUX0/g9Bi2QoCiF9iwKgwICdiyBS6L43rdbCDaZbdnICAL+BilTqgYhx+SJ48KZF0bTd03gVk+BrvN85UbQ5qzskZ5eUnsDqODbqdE0/UaAkjpdeWI2zaa02mDLWwlpmX8ZCyaANGfKDd7jcVYMbUnXbHclB0vPaJRVb2JtfW8NX8F6uzwo2VDIbUsh89w4iI831h0f+K6ai5uA08IHvy82Op13h350mRA1UxLZFqzS5xalVK9kObu9AnSMF32wN5KNBYLt2Yar94a7cUR/NO07EQLD8bhHfl0wYXffLYTf67BsGiE6P2PWvrtOU+5hDFV4Rp1Gz6qCDBBUKrKKDi0tGDU0Esy12+Bg6OeI/B4qDyEi9cHl3C8zsdxTWj/KRM7el1awwrMfozT1ccCA6XyFvs/KqxNPWW3v+INh+qQYMugGg/c7ryzEMj8JYaixMdddg3sShevK1JjxURWuSsw9HBpDt27yVhWXtm+3Y0WCBRsXKbbKMqlYgkHjxRRTHNUNBtiAXC1xcAt2FXKR+v7nGTMibttZFA5Vzf2fIiBu5zz5wqAg5ObGxsx24VsQMVtG+21rut0nLLhufo847ADIgwhcJ+GtD0xeg1sYvxSoMWEi4gS0XTzy/R9sEIiCaNkA9MOEeuVC/LIDsypINTGLA=
Connection: close
name=%E6%A0%87%E7%AD%BE%3Cscript%3Ealer(%22xss%22)%3C%2Fscript%3E
[Attack Type]
Remote
[Impact Code execution]
true
LoginController.java line 168 String result = HttpUtil.get(mys.toString());
基本影响大部分页面打开速度慢6秒以上。
这个可以考虑放缓存吗?
另外的页面响应速度也不是很快。
There is a CSRF vulnerability in the background blog management. The attacker constructs a CSRF load. Once the administrator clicks a malicious link, a blog tag will be added
[Vulnerability Type]
Cross-site request forgery (csrf)
[Vendor of Product]
https://github.com/wangl1989/mysiteforme
[Affected Component]
POST /admin/blogTags/add HTTP/1.1
Host: 127.0.0.1:8081
Content-Length: 23
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
sec-ch-ua-mobile: ?0
Upgrade-Insecure-Requests: 1
Origin: null
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
name=%E5%8E%86%E5%8F%B2
[Attack Type]
Remote
[Impact Code execution]
true
POC:
<input type="submit" value="Submit request" />
</form>
https://www.mysiteforme.com/2019/05/25/nginx-pei-zhi-https/
访问http默认跳转https server {
listen 80;
server_name admin.mysiteforme.com;
return 301 https
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.