IceCMS is a content management system built on Spring Boot and Vue, with a separated front end and back end.
IceCMS v2.0.1 has a horizontal unauthorized-access vulnerability in the personal information modification function. A single ordinary user can modify the account information and passwords of multiple other users. The vulnerability arises because the backend code determines identity based only on userId.
Vulnerable page: http://localhost:9528/userinfo/index
Let's first create two accounts, test 1 and test 2. Click on update and capture the request.
Then log in as test 1 and repeat the above operation.
We find that the user is identified directly by userId. So we construct a request that replaces the userId with 334, the one from test 2 just now, and modifies the email, gender, and password.
The modification succeeds: both the backend data and the frontend display have been changed.
This is the front-end page
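The root cause described above, shown beside a corrected check, as an added example that is not IceCMS code: all class, field and method names, the token value and the id 333 for test 1 are constructed for illustration, and the vulnerable handler is modelled only on this report's description.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; every name here is hypothetical, not taken from IceCMS.
public class ProfileUpdateCheck {
    record User(int id, String email, String password) {}
    // Request body as sent by the client; userId is client-controlled input.
    record UpdateRequest(int userId, String email, String password) {}

    static final Map<Integer, User> users = new HashMap<>();
    static final Map<String, Integer> sessions = new HashMap<>(); // token -> user id

    // Behaviour described in the report: the record to change is picked from the body.
    static boolean updateVulnerable(String token, UpdateRequest req) {
        if (!sessions.containsKey(token)) return false; // only checks "logged in"
        users.put(req.userId(), new User(req.userId(), req.email(), req.password()));
        return true;
    }

    // Hardened: identity comes from the server-side session, and a body that
    // names a different account is refused instead of being silently applied.
    static boolean updateHardened(String token, UpdateRequest req) {
        Integer caller = sessions.get(token);
        if (caller == null) return false;         // not authenticated
        if (caller != req.userId()) return false; // caller does not own this record
        users.put(caller, new User(caller, req.email(), req.password()));
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: two ordinary accounts, as in the report.
        // Password hashing is omitted to keep the example short.
        users.put(333, new User(333, "test1@example.com", "pw1"));
        users.put(334, new User(334, "test2@example.com", "pw2"));
        sessions.put("token-test1", 333); // test 1 is logged in

        // test 1 submits an update whose body carries test 2's userId.
        UpdateRequest forged = new UpdateRequest(334, "changed@example.com", "newpw");
        System.out.println("hardened accepted:   " + updateHardened("token-test1", forged));
        System.out.println("test 2 afterwards:   " + users.get(334));
        System.out.println("vulnerable accepted: " + updateVulnerable("token-test1", forged));
        System.out.println("test 2 afterwards:   " + users.get(334));
    }
}
```

The hardened handler leaves test 2's record unchanged, while the vulnerable one overwrites it, which matches the result shown in the report.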