doramart / DoraCMS

DoraCMS is a content management system built on Node.js, egg.js and MongoDB. Its structure is simple, and compared with some current open-source CMSs, DoraCMS is easy to extend, which makes it particularly suitable for front-end developers doing secondary development.
https://www.html-js.cn
MIT License

There is login bypass in doracms #256

Open dontblame opened 2 years ago

dontblame commented 2 years ago

There is a login bypass in DoraCMS 2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the response packet with the response packet from a system that has successfully logged in.

[Vulnerability proof]

Step 1: Log in to the system through the default account doracms and record the response packet.

Step 2: Use this response packet to log in to other DoraCMS systems.

Step 3: Successfully bypass login and enter the system.

xiahao90 commented 1 year ago

How do I write this PoC? How do I generate a long-lived admin_doracms and admin_doracms.sgi?