Improper Access Control in liukuo362573/yishaadmin

Valid

Reported on

Feb 8th 2022

Description

https://www.github.com/liukuo362573/yishaadmin has an endpoint "/admin/File/DeleteFile" that allows deleting files without authentication.

Root-cause

Server doesn't check user's permission when attacker access the endpoint. After that, server will directly call delete function with the parameters provided by the attacker. These parameters are also not checked and filtered in DeleteFile function (https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Util/YiSha.Util/FileHelper.cs#L140), leads to many information security risks.

Impact

Unauthenticated user can delete file on server.

We are processing your report and will contact the liukuo362573/yishaadmin team within 24 hours. a year ago

nhiephon modified the report

a year ago

We have contacted a member of the liukuo362573/yishaadmin team and are waiting to hear back a year ago

liukuo362573 validated this vulnerability a year ago

nhiephon has been awarded the disclosure bounty

The fix bounty is now up for grabs

liukuo362573 marked this as fixed in 3.1 with commit 067eb8 a year ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

nhiephon

commented a year ago

Researcher

Hi maintainer,

I think you gave the incorrect patch. You also need to authorize filter the API located at https://github.com/liukuo362573/YiShaAdmin/blob/master/YiSha.Web/YiSha.Admin.WebApi/Controllers/FileController.cs#L29

Regards.

to join this conversation