大量接口没有权限检查 #54
Labels
Comments
|
谢谢提醒。安全这块确实前期重视不够,主要精力都在功能上了。我将对接口进行检查,加权限。 |
|
已经修复user接口 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
很多敏感操作没有权限检查
举例子,在未登录的情况下访问如下地址
zsj.itdos.net/admin/user/
可以获取所有账号的信息,包括密码的MD5值,通过在线的md5解密服务即可获取密码
The text was updated successfully, but these errors were encountered: