Antian Advanced Sustainable Threat Security Detection System Overriding Access Vulnerability
Vulnerability Description
The Antian Advanced Sustainable Threat Security Detection System has an overriding access (unauthorized access) vulnerability: an attacker can use a tool to modify a specific response packet and gain access to the backend, where sensitive information can be viewed.
Vulnerability Impact
Antian Advanced Sustainable Threat Security Detection System
Network surveying and mapping
Vulnerability Reproduction
The login page is as follows
During packet capture, a URL that performs an authentication check is found. Its response is:
{"role": "", "login_status": false, "result": "ok"}
Here login_status is false; use Burp to replace it with true in the response packet.
The authentication check is bypassed successfully when requesting /api/user/islogin.
Visit the homepage again to verify the unauthorized access vulnerability.
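The bypass works because access to the backend is decided by a response the client can alter. As an added example (not the vendor's code and not part of the original post), the sketch below enforces the check server-side on every protected request, so a rewritten `login_status` changes nothing; the session store, the `handle` function and the `/api/dashboard` path are hypothetical.

```python
import secrets

# Session state lives only on the server; the client holds an opaque id.
SESSIONS = {}  # session id -> role


def issue_session(role):
    """Create a server-side session after a successful login (login itself omitted)."""
    sid = secrets.token_hex(16)
    SESSIONS[sid] = role
    return sid


def handle(path, cookie_sid=None):
    """Return (status, body) for a request. Every protected path re-checks the session."""
    role = SESSIONS.get(cookie_sid) if cookie_sid else None

    if path == "/api/user/islogin":
        # Informational for the UI only. Nothing on the server reads this
        # answer back from the client, so altering it in transit is harmless.
        return 200, {"role": role or "", "login_status": role is not None, "result": "ok"}

    if path.startswith("/api/"):
        # Authorization decision is made here, from server-side state.
        if role is None:
            return 401, {"result": "error", "msg": "authentication required"}
        return 200, {"result": "ok", "data": "backend data (constructed)"}

    return 404, {"result": "error"}


def tampered_client_view():
    """A client whose islogin response was rewritten still has no session."""
    _, body = handle("/api/user/islogin")
    body["login_status"] = True          # the in-transit rewrite described above
    status, _ = handle("/api/dashboard")  # hypothetical protected endpoint
    return status


if __name__ == "__main__":
    print(tampered_client_view())  # 401: the server never trusted the client's copy
```
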
This post is licensed under CC BY 4.0 by the author.