New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT密钥硬编码可能导致任意用户登录 #3

Open

Ovi3 opened this issue Mar 23, 2024 · 1 comment

Ovi3 commented Mar 23, 2024

在.env文件里JWT Token硬编码。

c-shopping/.env

Line 3 in 1588741

    
           NEXT_PUBLIC_ACCESS_TOKEN_SECRET=h1n0U6LHJtCZuWitwjn3oLd5qCRIgUFtemnjTrpfZLzVZ3ff0f

以 http://shop.huanghanlian.com/ 为例，可以任意构造一个合法的JWT。

JWT里由userid组成，userid是MongoDB的ObjectID， Object ID可以预测，见 https://book.hacktricks.xyz/v/cn/network-services-pentesting/27017-27018-mongodb#mongo-objectid-yu-ce 。

修复建议：

不使用硬编码的JWT密钥，项目初始化时随机生成

Owner

huanghanzhilian commented Mar 23, 2024

谢谢建议，我会仔细研究这个问题并近期解决。

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment