fix some bugs

whgojp · Nov 10, 2024 · 638288b · 638288b
1 parent 7cf81bd
commit 638288b
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 14 deletions.
diff --git a/README.md b/README.md
@@ -94,6 +94,8 @@ url: jdbc:mysql://localhost:13306/JavaSecLab?characterEncoding=utf8&zeroDateTime
 ### Docker部署(推荐)
 
 > 条件：已安装docker和docker-compose
+>
+> docker部署过程中 sql文件没有初始化执行的话(即数据库为空) 需要手动导入下sql文件
 
 ```shell
 mvn clean package -DskipTests

diff --git a/deploy.sh b/deploy.sh
diff --git a/src/main/java/top/whgojp/modules/logic/idor/controller/HorizontalController.java b/src/main/java/top/whgojp/modules/logic/idor/controller/HorizontalController.java
@@ -23,14 +23,14 @@
 @Api(value = "HorizontalController", tags = "逻辑漏洞-水平越权")
 @Controller
 @CrossOrigin(origins = "*")
-@RequestMapping("/logic/idor")
+@RequestMapping("/logic/idor/horizontal")
 public class HorizontalController {
     @Autowired
     private UserMapper userMapper;
 
-    @RequestMapping("/horizontal")
+    @RequestMapping("")
     public String horizontal(){
-        return "/vul/logic/idor/horizontal";
+        return "vul/logic/idor/horizontal";
     }
 
     @GetMapping("/getUserInfo")

diff --git a/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java b/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java
@@ -19,11 +19,11 @@
 @Api(value = "VerticalController", tags = "逻辑漏洞-垂直越权")
 @Controller
 @CrossOrigin(origins = "*")
-@RequestMapping("/logic/idor")
+@RequestMapping("/logic/idor/vertical")
 public class VerticalController {
-    @RequestMapping("/vertical")
+    @RequestMapping("")
     public String vertical(){
-        return "/vul/logic/idor/vertical";
+        return "vul/logic/idor/vertical";
     }
 
     @GetMapping("/vul")

diff --git a/src/main/java/top/whgojp/security/SecurityConfigurer.java b/src/main/java/top/whgojp/security/SecurityConfigurer.java
@@ -99,10 +99,7 @@ protected void configure(HttpSecurity http) throws Exception {
 //        http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
 
         // 如果不需要验证码校验登录 可以注释掉该行
-        http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
-
-        // 如果不用验证码，注释这个过滤器即可
-//        http.addFilterAt(usernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+//        http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
 
 
         // 添加session管理器 session失效后跳到登录页

diff --git a/src/main/resources/templates/vul/logic/idor/horizontal.html b/src/main/resources/templates/vul/logic/idor/horizontal.html
@@ -160,7 +160,7 @@ <h1><span class="iconfont icon-code"> 安全代码</span></h1>
 
 
         miniTab.listen();
-        layer.msg("其他漏洞-越权漏洞");
+        layer.msg("其他漏洞-水平越权");
 
         var cmConfig = {
             lineNumbers: true,

diff --git a/src/main/resources/templates/vul/logic/idor/vertical.html b/src/main/resources/templates/vul/logic/idor/vertical.html
@@ -26,7 +26,7 @@
             <div class="layui-col-md12" style="margin-top: 10px">
                 <div class="layui-row layui-col-space15">
                     <div class="layui-col-md6">
-                        <h1><span class="iconfont icon-bug"> 漏洞环境：水平遍历用户信息</span></h1>
+                        <h1><span class="iconfont icon-bug"> 漏洞环境：垂直越权管理员</span></h1>
                         <div class="layui-tab layui-tab-brief">
                             <div class="layui-tab-content">
                                 <div class="layui-tab-item layui-show">
@@ -74,7 +74,7 @@ <h1><span class="iconfont icon-code"> 缺陷代码</span></h1>
 
 
         miniTab.listen();
-        layer.msg("其他漏洞-越权漏洞");
+        layer.msg("其他漏洞-垂直越权");
 
         var cmConfig = {
             lineNumbers: true,