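🌈 Ice Cream Content Management System 🍦: implements the MacWK resource site; a community image/video circle CMS with support for web, mobile, and mini-program clients 🌟 Suitable for news and shopping sites, community forums, and chat/dating communities. Blog, circles, forum, images, video, social.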
GNU Affero General Public License v3.0
1.56k stars, 223 forks
Unauthorized and Over-Privileged API Access Vulnerability: Harvesting All Usernames and Passwords #23
Open
h1thub opened 2 months ago
You can see in the figure below that the following API interface lacks authentication. (hithub is me)
Iterate through the numbers in the figure below.
By iterating through these numbers, you can obtain all users' usernames and passwords, as shown in the figure below.
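The report names three gaps: no authentication on the endpoint, no check that the caller may read the requested user id, and credentials included in the response. The sketch below is an added example, not part of the original issue or the project's code; it puts a handler with those gaps beside a hardened one. All function names, field names, tokens and user records are hypothetical and constructed for illustration.

```python
# Added illustration: every name below is hypothetical, not the project's code.
from dataclasses import dataclass, asdict

@dataclass
class User:
    id: int
    username: str
    password: str
    role: str = "user"

# Constructed sample data.
USERS = {
    1: User(1, "admin", "constructed-secret-1", role="admin"),
    2: User(2, "alice", "constructed-secret-2"),
    3: User(3, "bob", "constructed-secret-3"),
}
SESSIONS = {"tok-alice": 2, "tok-admin": 1}  # session token -> user id
PUBLIC_FIELDS = ("id", "username")  # allowlist: credentials never leave the server

def get_user_vulnerable(user_id):
    """Pattern from the report: caller is never identified, full record returned."""
    user = USERS.get(user_id)
    return (200, asdict(user)) if user else (404, {})

def get_user_hardened(token, user_id):
    """Authenticate, authorize against the requested id, then filter fields."""
    caller = USERS.get(SESSIONS.get(token))
    if caller is None:
        return 401, {"error": "authentication required"}
    target = USERS.get(user_id)
    # Same answer for "not yours" and "no such id", so ids cannot be probed.
    if target is None or (caller.id != target.id and caller.role != "admin"):
        return 403, {"error": "forbidden"}
    return 200, {f: getattr(target, f) for f in PUBLIC_FIELDS}

def count_exposed(fetch, ids):
    """Regression check: how many responses over a range of ids carry a password."""
    exposed = 0
    for i in ids:
        status, body = fetch(i)
        if status == 200 and "password" in body:
            exposed += 1
    return exposed
```

Running `count_exposed` over a range of ids against both handlers makes a useful regression test: the first handler exposes every stored record, while the second exposes none, even to an admin session.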