CVE-2021-46371 PoC — AntD Admin 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-46371.yaml

Associated Vulnerability

Title:AntD Admin 访问控制错误漏洞 (CVE-2021-46371)
Description:AntD Admin是Zuiidea个人开发者的一个基于 Ant Design 和 UmiJs 构建的企业应用程序的优秀前端解决方案。 AntD Admin 存在安全漏洞，该漏洞源于Antd-admin 5.5.0受到错误访问控制漏洞的影响。攻击者可利用该漏洞前台部分接口未经授权访问，导致敏感信息泄露。

Description

AntD Admin has a security vulnerability that stems from Antd-admin 5.5.0 being affected by an incorrect access control vulnerability. Attackers can exploit this vulnerability to gain unauthorized access to some front-end interfaces, resulting in the leakage of sensitive information such as user IDs, names, ages, phone numbers, addresses, and more.

File Snapshot


 id: CVE-2021-46371

info:
  name: AntD Admin - Sensitive Information Disclosure
  author: ritikchadd

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!