Found a major vulnerability #6
Comments
if (uri.startsWith("/admin") && null == request.getSession().getAttribute("loginUserId"))
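Received, but I think it is better to solve it this way, as follows:
The intercepted paths are configured in the configuration class, so //admin/xxx will not be let through either.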
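By starting the path with //admin, the login interceptor can be skipped and the back-end interfaces accessed; the interfaces respond normally.
For example: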
post http://127.0.0.1//admin/v1/blogConfig/add
Parameters
configField=111
configName=111
configValue=111
The interface can be accessed without logging in.
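The check quoted in this thread, placed beside a variant that collapses repeated slashes before matching, as an added example that is not code from the project. The class name, `canonicalPath`, and passing the session attribute in as a parameter are assumptions made so the snippet runs without a servlet container; the sample URIs are the path from the report plus one constructed public path.

```java
public class AdminPathCheck {

    // The condition quoted in the thread: it tests the raw request URI,
    // so "//admin/..." does not start with "/admin" and is never challenged.
    static boolean naiveRequiresLogin(String uri, Object loginUserId) {
        return uri.startsWith("/admin") && null == loginUserId;
    }

    // Hypothetical helper: collapse runs of '/' so the interceptor sees
    // the same path shape that request routing ends up matching.
    static String canonicalPath(String uri) {
        String path = uri.replaceAll("/{2,}", "/");
        return path.isEmpty() ? "/" : path;
    }

    // Same condition as above, applied to the canonical path.
    static boolean hardenedRequiresLogin(String uri, Object loginUserId) {
        return canonicalPath(uri).startsWith("/admin") && null == loginUserId;
    }

    public static void main(String[] args) {
        // Constructed sample input: no session attribute, i.e. not logged in.
        Object loginUserId = null;
        String[] uris = {
            "/admin/v1/blogConfig/add",   // normal admin path
            "//admin/v1/blogConfig/add",  // path from the report
            "/blog/1"                     // constructed public path
        };
        for (String uri : uris) {
            System.out.printf("%-28s naive=%-5b hardened=%b%n",
                    uri,
                    naiveRequiresLogin(uri, loginUserId),
                    hardenedRequiresLogin(uri, loginUserId));
        }
    }
}
```

For the reported path the original condition evaluates to false (no login required) while the canonicalized one evaluates to true; the public path stays unaffected in both.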