Article 4: Vulnerability 3 – User Session Leak (CVE-2)

Title: User Session Information Disclosed via Unauthenticated Endpoint

Details:

File: novel-system/src/main/java/com/java2nb/system/controller/SessionController.java
Endpoint: GET /list
Returns: a List<UserOnline> that includes session IDs, IP addresses and login timestamps.

Example Request:

curl http://target-ip:port/list

Impact: Attackers can retrieve real-time user session data, which could be exploited for social engineering or session hijacking.

CWE: CWE-306 (Missing Authentication for Critical Function)
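Added illustration of the remediation, not the project's own code: the unsafe controller shape is shown commented out beside a hardened version that requires an authenticated administrator and returns a projection without session IDs. UserOnlineService, the UserOnline getters and the use of Spring Security method annotations are assumptions; the advisory does not state which framework the project uses.

```java
// Added example, not from the advisory or the project. Assumed names:
// UserOnlineService, UserOnline#getUsername(), UserOnline#getLoginTime().
import java.util.List;
import java.util.stream.Collectors;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class SessionController {

    private final UserOnlineService userOnlineService; // hypothetical service

    public SessionController(UserOnlineService userOnlineService) {
        this.userOnlineService = userOnlineService;
    }

    // Vulnerable shape (CWE-306): no access control, and the raw UserOnline
    // objects, session IDs included, are serialised straight to any caller.
    // @GetMapping("/list")
    // public List<UserOnline> list() { return userOnlineService.list(); }

    // Hardened shape: reachable only by an authenticated administrator, and
    // the response carries no session identifiers.
    @GetMapping("/list")
    @PreAuthorize("hasRole('ADMIN')")
    public List<OnlineUserView> list() {
        return userOnlineService.list().stream()
                .map(OnlineUserView::from)
                .collect(Collectors.toList());
    }

    // Read-only projection: enough for an operator to see who is online,
    // nothing that would let the caller impersonate a session.
    public record OnlineUserView(String username, String loginTime) {
        static OnlineUserView from(UserOnline u) {
            return new OnlineUserView(u.getUsername(), u.getLoginTime());
        }
    }
}
```

For @PreAuthorize to be enforced, method security must be switched on in the application's security configuration (for example with @EnableMethodSecurity); without it the annotation is silently ignored, so verify that an unauthenticated request to /list now gets a 401 or 403.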

posted @ 2025-04-15 20:59  Aibot