201206030 Novel Logic Authorization Bypass Vulnerability in Chapter Update Handler

Vulnerability

A critical logic authorization bypass vulnerability has been identified in version 3.5.0 of the 201206030 Novel project. This vulnerability resides in the Chapter Handler component, specifically within the updateBookChapter function of the AuthorController.java file. The issue arises from improper access controls, allowing remote exploitation. The vulnerability has been publicly disclosed and could be actively exploited.

Impact

Exploitation of this vulnerability allows unauthorized users to bypass authentication and access control mechanisms, enabling them to delete or update novel chapters arbitrarily.

Reproduction

To reproduce this vulnerability, first register as an author using any identity and log in. The chapter IDs can be obtained by opening a novel and loading the chapter directory. Once the chapter ID is known, construct a DELETE request to the 'book/chapter/{chapterId}' endpoint using an arbitrary author identity token. The chapter will be successfully deleted, demonstrating the authorization bypass. Similarly, to exploit the update functionality, send a PUT request to the same endpoint with a payload containing the chapter ID, chapter name, chapter content, and VIP status. This will update the chapter information without proper authorization.
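The missing ownership check behind the behaviour described above, next to a hardened form, as an added example that is not the project's own code. It is a self-contained in-memory model; every class, record and method name and all sample data are hypothetical and constructed for illustration (Java 16 or later for records).

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical in-memory model; names are assumptions, not the project's code.
public class ChapterOwnershipCheck {
    record Book(long id, long authorId) {}
    record Chapter(long id, long bookId, String name) {}

    static final Map<Long, Book> books = new HashMap<>();
    static final Map<Long, Chapter> chapters = new HashMap<>();

    // Flawed pattern: the caller is authenticated, but the chapter's owner is never compared.
    static boolean deleteUnchecked(long callerAuthorId, long chapterId) {
        return chapters.remove(chapterId) != null;
    }

    // Single authorization gate: chapter -> book -> owning author must equal the
    // author id taken from the verified token (never from the request body).
    static Chapter ownedChapter(long callerAuthorId, long chapterId) {
        Chapter ch = chapters.get(chapterId);
        Book book = (ch == null) ? null : books.get(ch.bookId());
        return (book != null && book.authorId() == callerAuthorId) ? ch : null;
    }

    static boolean deleteChecked(long callerAuthorId, long chapterId) {
        if (ownedChapter(callerAuthorId, chapterId) == null) return false; // maps to 403/404
        chapters.remove(chapterId);
        return true;
    }

    static boolean updateChecked(long callerAuthorId, long chapterId, String newName) {
        Chapter ch = ownedChapter(callerAuthorId, chapterId);
        if (ch == null) return false;
        chapters.put(chapterId, new Chapter(ch.id(), ch.bookId(), newName));
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: author 1 owns book 10 with chapters 100-102.
        books.put(10L, new Book(10, 1));
        for (long id = 100; id <= 102; id++) chapters.put(id, new Chapter(id, 10, "Chapter " + id));

        System.out.println("unchecked delete by author 2: " + deleteUnchecked(2, 100));
        System.out.println("checked delete by author 2:   " + deleteChecked(2, 101));
        System.out.println("checked update by author 2:   " + updateChecked(2, 101, "x"));
        System.out.println("checked update by author 1:   " + updateChecked(1, 101, "Renamed"));
        System.out.println("checked delete by author 1:   " + deleteChecked(1, 102));
        System.out.println("remaining chapters: " + chapters.keySet());
    }
}
```

Routing both the update and the delete path through one ownership lookup keeps the two handlers from drifting apart, which is the failure mode this report describes.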

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.