An escalation of privileges vulnerability was discovered in the open-source CMS. OK, follow my steps to see how to achieve the vulnerability!
1. You need to log in to the system (default admin account: admin/123456); you'll see six functions.
2. Next, click the "user management (用户管理)" function and create a low-privilege user named test.
3. Log out of the admin account and log in with the test account. We'll find there are only four functions.
4. If we add "/jobgroup" to the end of the URL, we can see the fifth function, "Executor management (执行器管理)", and even edit it!
So, we could achieve the vulnerability in four steps and execute an admin function with a low-privilege account.
XXL-JOB is a distributed task scheduling framework. Its core design goals are rapid development, ease of learning, light weight, and easy extensibility. It is now open source and is used in the online product lines of a number of companies.
https://www.xuxueli.com/xxl-job/en/
https://github.com/xuxueli/xxl-job/
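The behaviour reported above, a function hidden from the low-privilege account's menu while its route still answers, modelled as an added example (not XXL-JOB's code and not part of the original report). Every route name except "/jobgroup", the role names, and both policy tables are constructed for illustration; the audit function is the check a regression test would run for each role.

```python
# Constructed model: only "/jobgroup" comes from the report; the other
# route names, the roles and both policy tables are placeholders.
ROUTES = ["/fn1", "/fn2", "/fn3", "/fn4", "/jobgroup", "/fn6"]

# What each role is *shown* in the navigation menu (presentation only).
MENU = {"admin": set(ROUTES), "user": {"/fn1", "/fn2", "/fn3", "/fn4"}}

# Flawed policy: "/jobgroup" has no entry, and the dispatcher treats a
# missing entry as "any logged-in user may proceed".
FLAWED = {"/fn6": {"admin"}}

# Hardened policy: every route lists its roles; a missing entry denies.
HARDENED = {path: {"admin", "user"} for path in ROUTES[:4]}
HARDENED.update({"/jobgroup": {"admin"}, "/fn6": {"admin"}})


def dispatch(policy, default_allow, role, path):
    """Return the HTTP status the server would answer with."""
    if role not in MENU:          # no valid session
        return 401
    if path not in ROUTES:
        return 404
    allowed = policy.get(path)
    if allowed is None:           # route carries no access rule
        return 200 if default_allow else 403
    return 200 if role in allowed else 403


def hidden_but_reachable(policy, default_allow, role):
    """Audit: routes the role's menu hides but the server still serves."""
    return sorted(
        path for path in ROUTES
        if path not in MENU[role]
        and dispatch(policy, default_allow, role, path) == 200
    )


if __name__ == "__main__":
    print("flawed:  ", hidden_but_reachable(FLAWED, True, "user"))
    print("hardened:", hidden_but_reachable(HARDENED, False, "user"))
```
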