IceCMS is a content management system built on Spring Boot and Vue, with a separated front end and back end.

IceCMS v2.0.1 has an unauthorized access vulnerability in the personal information modification function. A single ordinary user can modify the account information and passwords of multiple users. The vulnerability arises because the backend code determines identity based only on the userId.


Vulnerability location: http://localhost:9528/userinfo/index

Let's first create two accounts: one named test 1 and one named test 2. Click on update and capture the request.


Then log in as test 1 and repeat the above operation.

The captured request shows that the user is identified directly by the userId. So the request was constructed with the userId replaced by 334, the one from test 2 just now, and the email, gender, and password were modified.

The modification succeeded: both the backend data and the frontend display have been changed.

This is the front-end page
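The root cause described above (identity taken from the userId in the request) is shown here beside the corrected check, as an added example that is not IceCMS code. All class, method and field names are hypothetical; the session token and userId 333 for test 1 are constructed sample values, and 334 is the test 2 id from the report.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; names are hypothetical and do not come from the IceCMS code base.
public class ProfileUpdateDemo {
    record User(int userId, String email, String gender) {}

    // Constructed sample state: session token -> authenticated userId, and the user table.
    static final Map<String, Integer> sessions = new HashMap<>();
    static final Map<Integer, User> users = new HashMap<>();

    // Flawed pattern from the report: the row to update is chosen by the userId
    // in the request body and is never compared with the owner of the session.
    static boolean updateTrustingBody(String token, User body) {
        if (!sessions.containsKey(token)) return false; // only checks "is logged in"
        users.put(body.userId(), body);
        return true;
    }

    // Corrected pattern: identity comes from the server-side session, and a body
    // userId that differs from it is rejected before any write happens.
    static boolean updateBoundToSession(String token, User body) {
        Integer authenticatedId = sessions.get(token);
        if (authenticatedId == null) return false;          // not authenticated
        if (authenticatedId != body.userId()) return false; // not the record owner
        users.put(authenticatedId, body);
        return true;
    }

    public static void main(String[] args) {
        sessions.put("token-test1", 333); // constructed: test 1 is logged in
        users.put(333, new User(333, "t1@example.com", "m"));
        users.put(334, new User(334, "t2@example.com", "f")); // test 2

        // test 1's session submits a profile update that names test 2's userId.
        User crossAccount = new User(334, "changed@example.com", "m");

        System.out.println("session-bound handler accepted: "
                + updateBoundToSession("token-test1", crossAccount));
        System.out.println("row 334 email after session-bound handler: "
                + users.get(334).email());
        System.out.println("body-trusting handler accepted: "
                + updateTrustingBody("token-test1", crossAccount));
        System.out.println("row 334 email after body-trusting handler: "
                + users.get(334).email());
    }
}
```

In a real handler the authenticated id would come from the framework's session or token validation, and the safest design drops userId from the request body entirely so there is nothing to compare.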