jerryshensjf JPACookieShop Privilege Escalation Vulnerability

A critical privilege escalation vulnerability has been identified in jerryshensjf JPACookieShop version 1.0. The issue arises in the updateGoods function of GoodsController.java, where the application fails to properly enforce authorization checks. This flaw allows authenticated users to access restricted backend management features, such as modifying product information and order details. The vulnerability is exacerbated by the use of Apache Shiro for permission management, which is not effectively implemented on key APIs. As a result, regular users can exploit this oversight to escalate privileges and manipulate sensitive data.

Impact

Exploitation of this vulnerability allows for unauthorized access to administrative functions, enabling regular users to alter product prices and potentially other critical information within the application.

Reproduction

To reproduce this vulnerability, log into the application as a regular user. Once authenticated, send a POST request to the goodsController/updateGoods endpoint. Include a JSON payload with the id of a product and the desired price modification. The request will bypass authorization checks, allowing the user to successfully update the product price, demonstrating the privilege escalation flaw.