IceCMS is a content management system based on Spring Boot+Vue front-end and back-end separation.

IceCMS v2.0.1 has an unauthorized access level and is located in the Personal Information Modification area. Through the ordinary user, the administrator user's account, personal information and password can be modified, resulting in vertical override. The back-end code determines the identity based solely on the userId, which is how the vulnerability arises. It's very harmful.

Vulnerability points: http://localhost:9528/userinfo/index

Let's first create an account test 1, Click on update and capture the package

And then we grab the administrator's package and we know that userId is 3

Then go back to the package for our previous test user, change the userId to 3, and change the name and password Send the packet. Success

Discovery successful The administrator account has been changed after checking the database