Ujcms v8.0.2 has a vulnerability that allows an attacker to spoof IP addresses to servers. #7

@Phantom4me

Description

[Vulnerability description]

Ujcms v8.0.2 has a vulnerability of type Reliance on IP Address for Authentication (CWE-291): an attacker could spoof IP addresses to servers and affect log records.

[Vulnerability Type]
CWE-291: Reliance on IP Address for Authentication

[Vendor of Product]
https://gitee.com/ujcms/ujcms
https://github.com/ujcms/ujcms
https://www.ujcms.com/

[Affected Product Code Base]
v8.0.2

[Vulnerability proof]

Condition: Tomcat deployment project
The weak Java file: src/main/java/com/ujcms/commons/web/Servlets.java

1. The method to get the real client IP by X-Forwarded-For
   [image]
2. If the attacker adds an `X-Forwarded-For: 1.1.1.1` header, the IP list will be `1.1.1.1, 127.0.0.1`; now getRemoteAddr() will return 127.0.0.1
   [image]
   [image]
3. Then find the IP from right to left; the left IP is 1.1.1.1
   [image]

The IP impersonation is complete.

We can see the fake IP address in the log.
[image]
Many controllers use this weak method:
[image]
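The report above shows an IP lookup that believes X-Forwarded-For no matter who sent the request. The following is an added illustration, not code from the ujcms project: `weak_client_ip` is a simplified stand-in for the pattern described (the real Servlets.java is only shown in screenshots), and `hardened_client_ip` shows the usual fix, which is to consult the header only when the TCP peer is a trusted proxy and then walk the hop list from the right. The `TRUSTED_PROXIES` ranges and all addresses are constructed for the example.

```python
import ipaddress
from typing import Optional

# Constructed for this example: the proxies (e.g. a local reverse-proxy hop) whose
# X-Forwarded-For header we are willing to believe. Anything else is a client.
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32"),
                   ipaddress.ip_network("10.0.0.0/8")]


def is_valid_ip(value: str) -> bool:
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def is_trusted_proxy(value: str) -> bool:
    return is_valid_ip(value) and any(
        ipaddress.ip_address(value) in net for net in TRUSTED_PROXIES)


def weak_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Stand-in for the reported pattern: trust the header unconditionally
    and take its leftmost entry, so the logged IP is whatever the client sent."""
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def hardened_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Consult X-Forwarded-For only when the TCP peer is a trusted proxy, then
    walk the hops from the right (the proxy-appended, nearest hop) and return
    the first address that is not itself a trusted proxy. Client-supplied
    entries on the left are never reached unless every hop between is trusted."""
    if not is_trusted_proxy(remote_addr):
        return remote_addr  # direct client: the header is attacker-controlled
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not is_valid_ip(hop):
            return remote_addr  # malformed hop: fall back rather than log garbage
        if not is_trusted_proxy(hop):
            return hop
    return remote_addr  # header absent or lists only proxies
```

This only recovers the true address if every trusted proxy appends the peer it actually saw; a trusted hop that forwards the header untouched leaves nothing downstream to verify.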
