thinkgem / jeesite5 Goto Github PK

Java rapid development platform, based (Spring Boot, Spring MVC, Apache Shiro, MyBatis, Beetl, Bootstrap, AdminLTE), online code generation, including modules: Organization, role users, menu and button authorization, data permissions, system parameters, content management, workflow, etc. Loose coupling design is adopted; one key skin switch; account security Settings, password policies; Online scheduled task configuration; Support cluster, support SAAS; Support for multiple data sources

Home Page: https://gitee.com/thinkgem/jeesite4/issues

License: Apache License 2.0

Batchfile 0.17% Java 14.92% CSS 8.59% JavaScript 61.43% HTML 13.97% Shell 0.16% Dockerfile 0.01% SCSS 0.35% Less 0.31% TSQL 0.08%

java spring-boot spring-mvc mybatis bootstrap3 beetl jquery shiro

jeesite5's Issues

Arbitrary URL redirection vulnerability

这是英文的漏洞报告，中文的在(This is the English report, the Chinese report is 任意url跳转

Description

@RequestMapping(value = "index") When logging in, there is no restriction on __url, resulting in a jump to the forged page after successful login.

Vulnerability details

After receiving the request, the interface gets the address of __url.

com.jeesite.modules.sys.web#index()

Get the value of __url in the request, if the authentication is successful, jump to the constructed url.

TEST

url:*****/js/a/login?__url=http://baidu.com/

LOCAL TEST：http://localhost:8980/js/a/login?__url=http://baidu.com/

The package successfully jumps to the constructed url

删除字段或者表后，索引会自动删除
所以建议把脚本的删除索引命令去掉
http://dev.mysql.com/doc/refman/5.6/en/alter-table.html

If columns are dropped from a table, the columns are also removed from
any index of which they are a part. If all columns that make up an
index are dropped, the index is dropped as well.