shiro_CVE-2023-22602 - Blog

nama769 / icarus-blog-comment

icarus blog comment use

0 stars 0 forks source link

shiro_CVE-2023-22602 - Blog #2

Open nama769 opened 1 year ago

nama769 commented 1 year ago

https://naman.live/2023/01/30/shiro-CVE-2023-22602/#%E6%9D%82%E8%B0%88

Shiro < 1.11.0 & Spring Boot 2.6+ 鉴权绕过（CVE-2023-22602）漏洞描述官方通告shiro 在 1.11.0版本之前，当与spring boot 2.6以上版本组合使用的时候，在默认配置下，配合特定的路由规则，攻击者可以通过发送特殊的请求造成shiro中的鉴权绕过。 Spring + shiro 请求处理流程搭环境先要找一个简单标准的spr

nama769 commented 1 year ago

@A.R

H4cking2theGate commented 1 year ago

11111

H4cking2theGate commented 1 year ago

4444

nama769 commented 1 year ago

code?

nama769 commented 1 year ago

code2

nama769 commented 1 year ago

code3

H4cking2theGate commented 1 year ago

33333333333