  File "/usr/src/app/db/user.py", line 153, in encrypt
    return crypto.aes_encrypt(data, userkey)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/app/libs/mcrypto.py", line 46, in aes_encrypt
    aes = AES.new(key, mode, iv)
          ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/Crypto/Cipher/AES.py", line 228, in new
    return _create_cipher(sys.modules[__name__], key, mode, *args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/Crypto/Cipher/__init__.py", line 79, in _create_cipher
    return modes[mode](factory, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/Crypto/Cipher/_mode_cbc.py", line 274, in _create_cbc_cipher
    cipher_state = factory._create_base_cipher(kwargs)
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3.11/site-packages/Crypto/Cipher/AES.py", line 89, in _create_base_cipher
    if len(key) not in key_size:
       ^^^^^^^^
TypeError: object of type 'int' has no len()

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.11/site-packages/tornado/web.py", line 1786, in _execute
    result = await result
             ^^^^^^^^^^^^
  File "/usr/src/app/web/handlers/login.py", line 265, in post
    await self.send_mail(user)
  File "/usr/src/app/web/handlers/login.py", line 298, in send_mail
    verified_code = await self.db.user.encrypt(user['id'], verified_code)
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/app/db/user.py", line 155, in encrypt
    raise self.UserDBException('encrypt error')
db.user.User.UserDBException: encrypt error
Verify steps
QD Version
20230821
Bug on OS
Windows
Bug on Platform
Docker/Linux 64-bit
To Reproduce
Restoring someone else's QD site with the database (DB) file from your own QD deployment can crash their site; mine has already been crashed by someone else this way.
Describe the Bug
It appears to be a permission vulnerability: ordinary users are not prevented from uploading a DB database file, which brings the whole site down.
QD config
No response
QD log
Expected behavior
This is a very serious vulnerability. Along with the fix, I suggest adding an automatic database backup feature.
Screenshots
No response
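The traceback at the top of this report ends in `TypeError: object of type 'int' has no len()` inside pycryptodome's `_create_base_cipher`, which means `userkey` reached `AES.new()` as an int rather than bytes, and the only signal the caller got back was the generic `UserDBException('encrypt error')`. The following is an added example, not QD's own `mcrypto.py` or `db/user.py` code: a small validation layer that checks the key and IV before the cipher is built, so a corrupt or foreign user record fails with a message that says what is wrong, and that can be run as a health check over user rows after a restore. The function names, the lazy import of pycryptodome and the `describe_key_problem` helper are assumptions made for this example.

```python
"""Fail-fast AES key/IV validation in front of AES.new() (added example).

Assumption (not from the QD project): the user record's key column is
expected to hold raw key bytes. If it holds anything else, such as the int
seen in the traceback, the error should name the real problem instead of
surfacing as an opaque 'encrypt error'.
"""
from __future__ import annotations

# AES-128/192/256 key lengths in bytes; pycryptodome checks the same set.
AES_KEY_SIZES = (16, 24, 32)
AES_BLOCK_SIZE = 16


def validate_aes_key(key: object) -> bytes:
    """Return `key` as bytes, or raise a descriptive TypeError/ValueError.

    Only bytes/bytearray of an exact AES key size are accepted; an int like
    the one that produced the traceback is rejected before AES.new() runs.
    """
    if isinstance(key, bytearray):
        key = bytes(key)
    if not isinstance(key, bytes):
        raise TypeError(
            f"AES key must be bytes, got {type(key).__name__}; "
            "check whether the user record's key column was replaced"
        )
    if len(key) not in AES_KEY_SIZES:
        raise ValueError(f"AES key must be 16, 24 or 32 bytes, got {len(key)}")
    return key


def validate_iv(iv: object) -> bytes:
    """Return `iv` as bytes, or raise if it is not one AES block long."""
    if isinstance(iv, bytearray):
        iv = bytes(iv)
    if not isinstance(iv, bytes):
        raise TypeError(f"AES-CBC IV must be bytes, got {type(iv).__name__}")
    if len(iv) != AES_BLOCK_SIZE:
        raise ValueError(f"AES-CBC IV must be {AES_BLOCK_SIZE} bytes, got {len(iv)}")
    return iv


def aes_cbc_encrypt(data: bytes, key: object, iv: object) -> bytes:
    """Encrypt `data` with AES-CBC (PKCS#7 padded), validating inputs first.

    pycryptodome (the library in the traceback) is imported lazily, so the
    checks above run, and fail fast, before the cipher module is even loaded.
    """
    key = validate_aes_key(key)
    iv = validate_iv(iv)
    if not isinstance(data, bytes):
        raise TypeError(f"plaintext must be bytes, got {type(data).__name__}")
    from Crypto.Cipher import AES          # pycryptodome, as in the traceback
    from Crypto.Util.Padding import pad
    cipher = AES.new(key, AES.MODE_CBC, iv)
    return cipher.encrypt(pad(data, AES_BLOCK_SIZE))


def describe_key_problem(key: object) -> str | None:
    """Return the validation message for `key`, or None if it is usable.

    Intended for a post-restore health check: run it over every user row's
    key column and log the rows that would otherwise crash at encrypt time.
    """
    try:
        validate_aes_key(key)
    except (TypeError, ValueError) as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # Constructed sample rows: one healthy, one with the int seen in the log,
    # one with a wrongly sized key.
    sample_rows = {"alice": b"\x01" * 32, "bob": 12345, "carol": b"\x02" * 15}
    for user, key in sample_rows.items():
        print(user, "->", describe_key_problem(key) or "ok")
```

Running the module prints one line per constructed row; only `bob` (int key) and `carol` (15-byte key) are reported. In the flow from the traceback this check would sit where `mcrypto.aes_encrypt` is called, so that a bad row raises a descriptive error rather than being wrapped as `'encrypt error'`.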