Unauthorized and Over-Privileged API Access Vulnerability: Harvesting All Usernames and Passwords #23

Open
h1thub opened this issue Jul 4, 2024 · 2 comments

h1thub commented Jul 4, 2024

You can see in the figure below that the following API interface lacks authentication. (hithub is me)
image
Iterate through the numbers in the figure below.
image
By iterating through these numbers, you can obtain all users' usernames and passwords, as shown in the figure below.
image

wuanbin commented Jul 27, 2024

Can this be a CVE?

wuanbin commented Jul 27, 2024

This counts as a CVE.
