[MEDIUM] CORS 配置过于宽松:子域名通配 + localhost 任意端口 #7
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
漏洞描述
internal/middleware/cors.go中的 CORS 配置存在两个问题:1. 子域名通配过于宽松
任何
*.littlelan.cn子域名都被允许跨域访问并携带凭据。如果攻击者控制了任意子域名(或未来添加的不安全子域名),可读取所有 API 响应数据。2. localhost 任意端口开放
localhost:8888、localhost:9999等任意端口都被允许。恶意本地应用可通过此方式获取带凭据的 API 访问权限。修复建议
严重程度
MEDIUM — 攻击面取决于子域名控制权和本地恶意软件。