diff --git a/README.md b/README.md
index dc95aa1..f17d4d6 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,8 @@ url: jdbc:mysql://localhost:13306/JavaSecLab?characterEncoding=utf8&zeroDateTime
 ### Docker部署(推荐)
 > 条件:已安装docker和docker-compose
+>
+> docker部署过程中 sql文件没有初始化执行的话(即数据库为空) 需要手动导入下sql文件
 ```shell
 mvn clean package -DskipTests
diff --git a/deploy.sh b/deploy.sh
deleted file mode 100755
index 8b13789..0000000
--- a/deploy.sh
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/src/main/java/top/whgojp/modules/logic/idor/controller/HorizontalController.java b/src/main/java/top/whgojp/modules/logic/idor/controller/HorizontalController.java
index 076c619..7168d7d 100644
--- a/src/main/java/top/whgojp/modules/logic/idor/controller/HorizontalController.java
+++ b/src/main/java/top/whgojp/modules/logic/idor/controller/HorizontalController.java
@@ -23,14 +23,14 @@
 @Api(value = "HorizontalController", tags = "逻辑漏洞-水平越权")
 @Controller
 @CrossOrigin(origins = "*")
-@RequestMapping("/logic/idor")
+@RequestMapping("/logic/idor/horizontal")
 public class HorizontalController {
 @Autowired private UserMapper userMapper;
- @RequestMapping("/horizontal")
+ @RequestMapping("")
 public String horizontal(){
- return "/vul/logic/idor/horizontal";
+ return "vul/logic/idor/horizontal";
 }
 @GetMapping("/getUserInfo")
diff --git a/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java b/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java
index d9a1ac3..d5f529f 100644
--- a/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java
+++ b/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java
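Review bot: Changing the class-level `@RequestMapping` to `/logic/idor/horizontal` moves every handler in the class, not only the page route: `getUserInfo`, visible as context at the end of the HorizontalController hunk, is now served under `/logic/idor/horizontal/getUserInfo`. The horizontal.html hunk in this commit only changes the `layer.msg` text, so it is worth confirming that the template's requests, and any path-based rules in the security configuration, already use the new prefix; the same applies to `/vul` in the VerticalController hunk. As a smaller point, `@RequestMapping("")` on a method that only returns a view name accepts every HTTP method, and `@GetMapping("")` would state the intent. Both class bodies continue outside their hunks.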
@@ -19,11 +19,11 @@
 @Api(value = "VerticalController", tags = "逻辑漏洞-垂直越权")
 @Controller
 @CrossOrigin(origins = "*")
-@RequestMapping("/logic/idor")
+@RequestMapping("/logic/idor/vertical")
 public class VerticalController {
- @RequestMapping("/vertical")
+ @RequestMapping("")
 public String vertical(){
- return "/vul/logic/idor/vertical";
+ return "vul/logic/idor/vertical";
 }
 @GetMapping("/vul")
diff --git a/src/main/java/top/whgojp/security/SecurityConfigurer.java b/src/main/java/top/whgojp/security/SecurityConfigurer.java
index ecd10b2..6f09187 100755
--- a/src/main/java/top/whgojp/security/SecurityConfigurer.java
+++ b/src/main/java/top/whgojp/security/SecurityConfigurer.java
@@ -99,10 +99,7 @@ protected void configure(HttpSecurity http) throws Exception {
 // http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
 // 如果不需要验证码校验登录 可以注释掉该行
- http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
-
- // 如果不用验证码,注释这个过滤器即可
-// http.addFilterAt(usernamePasswordAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
+// http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);
 // 添加session管理器 session失效后跳到登录页
diff --git a/src/main/resources/templates/vul/logic/idor/horizontal.html b/src/main/resources/templates/vul/logic/idor/horizontal.html
index b80f67d..6d2041a 100644
--- a/src/main/resources/templates/vul/logic/idor/horizontal.html
+++ b/src/main/resources/templates/vul/logic/idor/horizontal.html
@@ -160,7 +160,7 @@
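Review bot: Commenting out `http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class);` in SecurityConfigurer turns captcha validation off for every build of this branch, so the login form loses the check that adds friction to automated password guessing, and nothing visible in this hunk replaces it. If the goal is an easier first-run setup, a configuration switch keeps the filter available without editing source, for example `if (captchaEnabled) { http.addFilterBefore(validateCodeFilter, UsernamePasswordAuthenticationFilter.class); }`, where `captchaEnabled` is a placeholder for a boolean read from the application properties. The surviving comment `如果不需要验证码校验登录 可以注释掉该行` should then describe that switch rather than tell the reader to comment the line out. `configure` starts and ends outside the hunk.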

安全代码

miniTab.listen();
- layer.msg("其他漏洞-越权漏洞");
+ layer.msg("其他漏洞-水平越权");
 var cmConfig = { lineNumbers: true,
diff --git a/src/main/resources/templates/vul/logic/idor/vertical.html b/src/main/resources/templates/vul/logic/idor/vertical.html
index 219e01a..0a3f2db 100644
--- a/src/main/resources/templates/vul/logic/idor/vertical.html
+++ b/src/main/resources/templates/vul/logic/idor/vertical.html
@@ -26,7 +26,7 @@
-

漏洞环境:水平遍历用户信息

+

漏洞环境:垂直越权管理员

@@ -74,7 +74,7 @@

缺陷代码

miniTab.listen();
- layer.msg("其他漏洞-越权漏洞");
+ layer.msg("其他漏洞-垂直越权");
 var cmConfig = { lineNumbers: true,