Yaoqishan Incorrect Access Control Vulnerability in Admin API
Vulnerability
A vulnerability allowing authentication bypass has been identified in Yaoqishan version 0.0.1-SNAPSHOT. This issue resides in the admin API, where incorrect access control allows attackers to gain admin rights by sending a crafted request. The vulnerability is rooted in the `QingInterceptor` class, specifically within the `preHandle` function, which improperly validates request URLs. Exploitation involves manipulating the request path to bypass authentication checks and access sensitive user information.
Impact
Exploitation of this vulnerability grants unauthorized access to admin rights, allowing attackers to access sensitive information through the admin API.
Reproduction
To reproduce this vulnerability, send a request to the `/admin/user_info/list_normal.action` endpoint. An unauthenticated request is normally redirected to the admin login page. However, by inserting `login/../` into the request path, the authentication check can be bypassed, granting access to any user's information.
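The root cause described above, as an added example that is not code from the Yaoqishan project: a string-based interceptor check on the raw request URI beside a hardened check that canonicalises the path before comparing it to the login route, plus a small access-log scanner that flags requests whose raw path differs from its canonical form. The login route `/admin/login`, the admin prefix `/admin/`, the shape of the flawed check (exempting any raw URI that contains the login segment) and the log lines are all assumptions or constructed data; the page states only that `preHandle` validates the URL incorrectly and that `login/../` defeats it.

```python
# Added example, not the project's own code. Assumed: admin area is /admin/,
# login route is /admin/login, and the flawed interceptor exempts any raw URI
# containing the login segment. Log lines below are constructed.
import posixpath
import re
from urllib.parse import unquote

ADMIN_PREFIX = "/admin/"   # assumed
LOGIN_PATH = "/admin/login"  # assumed login route


def weak_requires_auth(raw_uri: str) -> bool:
    """Assumed shape of the flawed preHandle check.

    It inspects the raw request URI, which still contains 'login' for
    /admin/login/../user_info/list_normal.action, so the request is exempted
    from authentication even though the container routes it elsewhere.
    """
    path = raw_uri.split("?", 1)[0]
    if not path.startswith(ADMIN_PREFIX):
        return False  # outside the admin area: not this interceptor's concern
    return "/login" not in path


def canonical_path(raw_uri: str) -> str:
    """Reduce a raw request URI to the path the container will map it to.

    Strips the query string and per-segment path parameters (';k=v'),
    percent-decodes, then collapses '.', '..' and repeated slashes.
    '..' never climbs above '/'.
    """
    path = raw_uri.split("?", 1)[0]
    path = "/".join(seg.split(";", 1)[0] for seg in path.split("/"))
    path = unquote(path)
    path = posixpath.normpath(path)
    if path.startswith("//"):  # normpath preserves a leading '//' (POSIX quirk)
        path = "/" + path.lstrip("/")
    return path


def hardened_requires_auth(raw_uri: str) -> bool:
    """Decide on the canonical path and compare the login route exactly."""
    path = canonical_path(raw_uri)
    if not path.startswith(ADMIN_PREFIX):
        return False
    return path != LOGIN_PATH


REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD|OPTIONS) (\S+) HTTP/')


def flag_traversal(log_lines):
    """Return (line_no, raw_uri, canonical) for requests whose raw path is not
    already canonical: dot segments, path parameters, encoded characters or
    doubled slashes. Benign encoding will also surface; review the hits."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        raw = m.group(1)
        canon = canonical_path(raw)
        if canon != raw.split("?", 1)[0]:
            hits.append((n, raw, canon))
    return hits


# Constructed access-log sample (combined log format, fictitious hosts/times).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/user_info/list_normal.action HTTP/1.1" 302 0',
    '10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "GET /admin/login/../user_info/list_normal.action HTTP/1.1" 200 4821',
    '10.0.0.9 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/login HTTP/1.1" 200 1203',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] "POST /admin/login HTTP/1.1" 302 0',
]


if __name__ == "__main__":
    bypass = "/admin/login/../user_info/list_normal.action"
    print("weak check requires auth    :", weak_requires_auth(bypass))
    print("hardened check requires auth:", hardened_requires_auth(bypass))
    for n, raw, canon in flag_traversal(SAMPLE_LOG):
        print(f"log line {n}: {raw} -> {canon}")
```

The design point is that an authorization decision must be taken on the same path the container uses for routing, never on the raw URI string; canonicalising first and then matching the login route exactly (rather than by substring) closes the gap, and the scanner gives a quick retrospective check of existing logs for the pattern the advisory describes.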
