antabot / white-jotter Goto Github PK

/api/admin/content/books/covers

No validation is performed on the file extension of uploaded files, which may allow attackers to upload malicious files.

Source code：src/main/java/com/gm/wj/service/JotterArticleService.java

I will use redis to cache books metadata and articles.

List<AdminRoleMenu> findAllByRid(List<Integer> rids);
这一句应为
List<AdminRoleMenu> findAllByRidIn(List<Integer> rids);

附上链接

将下列代码加入到 pom.xml 文件内 就会成功

	<repositories>
		<repository>
			<id>jcenter</id>
			<name>jcenter</name>
			<url>https://maven.aliyun.com/repository/jcenter</url>
		</repository>
		<repository>
			<id>central</id>
			<name>central</name>
			<url>https://maven.aliyun.com/repository/central</url>
		</repository>
	</repositories>

	<pluginRepositories>
		<pluginRepository>
			<id>ali</id>
			<name>ali</name>
			<url>https://maven.aliyun.com/repository/central</url>
		</pluginRepository>
	</pluginRepositories>

最近在做这个项目，但是忽然发现作者大大没有加开源协议，那就会变成这样
You're under no obligation to choose a license. However, without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work.
任何人都不得复制、分发、使用、修改这段代码用到其他项目里面

                             Manual Review                                  
         Some vulnerabilities require your attention to resolve             
                                                                            
      Visit https://go.npm.me/audit-guide for additional guidance           

High Cross-Site Scripting

Package mavon-editor

Patched in No patch available

Dependency of mavon-editor

Path mavon-editor

More info https://npmjs.com/advisories/1169

Low Prototype Pollution

Package minimist

Patched in >=0.2.1 <1.0.0 || >=1.2.3

Dependency of eslint-loader [dev]

Path eslint-loader > loader-fs-cache > mkdirp > minimist

More info https://npmjs.com/advisories/1179

Moderate Cross-Site Scripting

Package serialize-javascript

Patched in >=2.1.1

Dependency of uglifyjs-webpack-plugin [dev]

Path uglifyjs-webpack-plugin > serialize-javascript

More info https://npmjs.com/advisories/1426

High Remote Code Execution

Package serialize-javascript

Patched in >=3.1.0

Dependency of uglifyjs-webpack-plugin [dev]

Path uglifyjs-webpack-plugin > serialize-javascript

More info https://npmjs.com/advisories/1548

found 6 vulnerabilities (3 low, 1 moderate, 2 high) in 2103 scanned packages
run npm audit fix to fix 2 of them.
4 vulnerabilities require manual review. See the full report for details.

项目运行成功，但是看配置文件好像很简单，基本上感觉什么都没有，日志上什么都看不到，是配置了相关的东西吗？

老哥，我是从你博客过来的，这项目真心很棒，老哥求加个Q哇。。。。还有好多问题想要请教。。。

表单验证rules跟loginForm里的字段名称好像没对上

data () {
    return {
    rules: {
        account: [{required: true, message: '请输入正确的用户名', trigger: 'blur'}],
        checkPass: [{required: true, message: '请输入正确的密码', trigger: 'blur'}]
    },
    checked: true,
    loginForm: {
        username: 'admin',
        password: '123'
    },
    loading: false
    }
}

保存文章 日期保存不上

建议将前后端分成2个仓，没一个分别维护，慢慢做，有好点子就放进来，会有更多人参加进来的！加油

博主您好，我最近在学习Vue/Spring boot进行web开发，阅读 Vue + Spring Boot 项目实战（三）：前后端结合测试（登录页面开发） 文章的时候，尝试把里面的代码运行起来，但是出现下面的问题。

在点击登录button的时候，我执行 alert 和 console 输出都成功，我认为POST请求应该是发送成功的。但不知为何会报错。恳请赐教。感谢。

以下是 Chrome 的后台输出：

Access to XMLHttpRequest at 'http://localhost:8443/api/login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

log.js?4244:23 [HMR] Waiting for update signal from WDS...
vue.esm.js?efeb:9077 Download the Vue Devtools extension for a better development experience:
https://github.com/vuejs/vue-devtools
:8080/#/login:1 Access to XMLHttpRequest at 'http://localhost:8443/api/login' from origin 'http://localhost:8080' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
xhr.js?ec6c:178 POST http://localhost:8443/api/login net::ERR_FAILED
dispatchXhrRequest      @ xhr.js?ec6c:178
xhrAdapter              @ xhr.js?ec6c:12
dispatchRequest         @ dispatchRequest.js?c4bb:52
Promise.then (async)
request                 @ Axios.js?5e65:61
Axios.<computed>        @ Axios.js?5e65:86
wrap                    @ bind.js?24ff:9
login                   @ Login.vue?03db:27
invokeWithErrorHandling @ vue.esm.js?efeb:1863
invoker                 @ vue.esm.js?efeb:2188
original._wrapper       @ vue.esm.js?efeb:7565

1. First, build the environment locally to access the backend management system.
   
2. You can see that the project's pom.xml file relies on the vulnerable shiro package.
   
3. Using ShiroAttack2 Tools for vulnerability detection. Tool link:https://github.com/SummerSec/ShiroAttack2
   
   You can see that Shiro’s secret key was revealed during the explosion.
4. Detect current Shiro’s exploit chain
   
5. The whoami command was executed successfully, confirming that the vulnerability exists
   

[webpack-cli] You need to install 'webpack-dev-server' for running 'webpack serve'.
Error: Cannot find module 'ajv/dist/compile/codegen'
Require stack:

• G:\white-jotter\wj-vue\node_modules\ajv-keywords\dist\definitions\typeof.js
• G:\white-jotter\wj-vue\node_modules\ajv-keywords\dist\keywords\typeof.js
• G:\white-jotter\wj-vue\node_modules\ajv-keywords\dist\keywords\index.js
• G:\white-jotter\wj-vue\node_modules\ajv-keywords\dist\index.js
• G:\white-jotter\wj-vue\node_modules\webpack-dev-server\node_modules\schema-utils\dist\validate.js
• G:\white-jotter\wj-vue\node_modules\webpack-dev-server\node_modules\schema-utils\dist\index.js
• G:\white-jotter\wj-vue\node_modules\webpack-dev-server\lib\Server.js
• G:\white-jotter\wj-vue\node_modules@webpack-cli\serve\lib\index.js
• G:\white-jotter\wj-vue\node_modules\webpack-cli\lib\webpack-cli.js
• G:\white-jotter\wj-vue\node_modules\webpack-cli\lib\bootstrap.js
• G:\white-jotter\wj-vue\node_modules\webpack-cli\bin\cli.js
• G:\white-jotter\wj-vue\node_modules\webpack-dev-server\bin\webpack-dev-server.js
  npm ERR! code ELIFECYCLE
  npm ERR! errno 2
  npm ERR! [email protected] dev: webpack-dev-server --inline --progress --config build/webpack.dev.conf.js
  npm ERR! Exit status 2
  npm ERR!
  npm ERR! Failed at the [email protected] dev script.
  npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR! C:\Users\Guan Spring\AppData\Roaming\npm-cache_logs\2022-01-21T07_08_01_819Z-debug.log

点击管理中心，没有跳到登录界面，而是跳到了http://localhost:8080/admin/dashboard这里面，请问这是什么原因....（自己写的前端，不知道掉了啥）

直接down项目，修改好后端地址后，还是会有403跨域的错误，咋整

UserService里面这个更新用户状态好像整错了

    public void updateUserStatus(User user) {
        User userInDB = userDAO.findByUsername(user.getUsername());

        // 这里
        userInDB.setEnabled(user.isEnabled());
        userDAO.save(userInDB);
    }

解决方案：升级mavon-editor的版本为>=2.8.2

作者大大，能帮我看看这个错误是怎么回事吗，一直运行出错~

网上说是项目路径问题，我把项目换了个路径也不行~

When change the page and then use sidebar to list books by category, it will still show the previous page, which will cause uncertainty.

The expected behavior

Show the first page when select category.

Use ciphertext instead of hard coding in application properties to connect database.

我克隆了当前版本 发现项目还在飙红。。。就提交了呢。。？

用admin用户名，123456做密码，登陆提示密码错误

完全按照你博客上的配置的，跨域问题，就是走不了！

• /admin/content/article

• There is a reflection XSS in the admin/content/article interface。Just login after registration。

• Source code：src/main/java/com/gm/wj/service/JotterArticleService.java

请问 架构图是用什么软件画的？

Access to XMLHttpRequest at 'http://localhost:8443/register' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. 注册的时候页面报这个错