请问有交流群吗？部署完之后页面上哪个内测群二维码失效的

这将大大完善系统普适性与广泛实用性

系统部署在局域网的另一台服务器上，本地访问服务器上时提示‘CSRF token mismatch’。

如题：批量导入了400来台设备，
操作分配用户，第一次分配 会提示成功（实际还是分配前的用户），需要再分配一次才会成功 更新
在Mac机上使用docker一键部署的

在依据导出模板修改时，xlsx中增加用户，且表头满足必填选项，用户数量大于15，发现第一次能导入14条用户信息，再尝试重新导入就显示导入失败。
然后删除用户时，ID不会删除，仍然会依次递增，感觉有些奇怪。

正在优化配置！
INFO Clearing cached bootstrap files.

events ............................................................................................. 1ms DONE
views .............................................................................................. 1ms DONE
cache .............................................................................................. 1ms DONE
route .............................................................................................. 0ms DONE
config ............................................................................................. 0ms DONE
compiled ........................................................................................... 1ms DONE

正在设置存储系统！
INFO The [public/storage] link has been connected to [storage/app/public].

正在配置APP密钥！

ErrorException

file_get_contents(): Read of 8192 bytes failed with errno=21 Is a directory

at vendor/laravel/framework/src/Illuminate/Foundation/Console/KeyGenerateCommand.php:100
96▕ {
97▕ $replaced = preg_replace(
98▕ $this->keyReplacementPattern(),
99▕ 'APP_KEY='.$key,
➜ 100▕ $input = file_get_contents($this->laravel->environmentFilePath())
101▕ );
102▕
103▕ if ($replaced === $input || $replaced === null) {
104▕ $this->error('Unable to set application key. No APP_KEY variable was found in the .env file.');

  +13 vendor frames 

14 app/Console/Commands/Install.php:45
Illuminate\Console\Command::call()
+12 vendor frames

27 artisan:37
Illuminate\Foundation\Console\Kernel::handle()

（一）因生产环境使用的Docker CE环境版本较低，具体docker version为以下：
Client: Docker Engine - Community
Version: 20.10.2
API version: 1.41
Go version: go1.13.15
Git commit: 2291f61
Built: Mon Dec 28 16:17:34 2020
OS/Arch: linux/amd64
Context: default
Experimental: true

（二）拉取2023.5.24的Latest镜像（应该是3.7.1版本chemex）部署后，查看容器log会报以下错误：
nginx: unrecognized service
php8.1-fpm: unrecognized service
cron: unrecognized service

（三）排查原因如下：
1、用当前docker拉取此前网友备份下来的3.5.2版本的chemex镜像部署容器，可正常启动使用。
2、用另一机子全新安装Debian宿主系统并安装最新版本Docker CE 24.0.2后拉取2023.5.24的Latest镜像（应该是3.7.1版本chemex）部署容器，也可正常启动使用不报错。

1. Synopsis

Chemex is vulnerable to arbitrary file upload vulnerability, which can lead to code execution.

This vulnerability exists in Chemex's latest verion 3.7.1 and all versions below. The upload/import function implements filter only in frontend, there is no filter in the backend code. Attackers can easily bypass it with tools like Burpsuite.

2. Analysis

The vulnerable endpoints is listed below:
/dcat-api/form/upload (/organization/users)
/device/records
/device/categories
/vendor/records

We are going to analysis endpoint /organization/users.

The corresponding code is in: chemex-main/app/Admin/Forms/UserImportForm.php function form

It applies filter to only accept xlsx and csv file, but only in the frontend

The backend code to upload function is in: chemex-main/vendor/dcat/laravel-admin/src/Form/Field/UploadField.php function upload

Read the code carefully, you will find there is no filter at all.

3. Exploit

You can use the following syntax to search vulnerable target in internet with Hunter (https://hunter.qianxin.com/) : web.body="让IT资产管理更加简单"&&web.body="dcat-admin/dcat/plugins/vendors.min.js"

You can login with default cred admin : admin, or some simple passwords.

The following targets has been tested by me:

https://gz.yunxiaoseo.com/ 	admin : 123456
http://42.192.138.41:8005/	admin : admin
https://jixiadmin.qiyekj.cn/	admin : admin
http://121.28.101.42:81/	admin : admin
http://81.70.56.151/		admin : admin

The target we are going to test is http://81.70.56.151/, it's the latest version I found so far (the latest is 3.7.1).

Click "组织" button or go to this url directly: /organization/users, then click the green "导入人员信息模板" button.

It will pop up a window to let you select a file to upload. Drag or select a xlsx file to upload, then intercept it with burp.

In burp, send the request to repeater, then modify the filename parameter to a php file, fill in some simple code to execute cmd.

The uploaded path will be echoed in the response, access it in your web browser.

Finally, you gain code execution.

The video of demonstration of latest version can be found in: https://mega.nz/file/dUlAyY7J#5ceaOxDibsRaqSC8VEqB6IZCWdiFCU1-WhfbLB72la0

登陆之后提示

Demo 演示站点，测试的账号密码是多少？

盘点页面下的列表

资产编号那一列显示的却是设备名称

能改过来吗

就是安装倒是成功了，但是人吧总是卡在一些奇奇怪怪的地方

我就卡在登录界面了

然后尝试查看数据库去看账号密码，发现数据库中admin_users表为空，只要涉及到user的表都为空，就很离奇，这导致我现在登不上去！装好了卡在登录这一步，已经试过了不是明文密码，靠！

自定义字段功能使用不了

输入任何账户和密码都提示"该账户已停用，请联系管理员！"

重启一次容器后的log
Nothing to migrate.
数据库迁移完成！
Database seeding completed successfully.
Database seeding completed successfully.
Database seeding completed successfully.
Database seeding completed successfully.
Database seeding completed successfully.
升级完成！
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 172.17.0.2. Set the 'ServerName' directive globally to suppress this message
[Sat Mar 26 13:00:05.377439 2022] [mpm_prefork:notice] [pid 12] AH00163: Apache/2.4.52 (Debian) PHP/8.1.3 configured -- resuming normal operations
[Sat Mar 26 13:00:05.377484 2022] [core:notice] [pid 12] AH00094: Command line: 'apache2 -D FOREGROUND'

快速搜索中，中文搜索报错，SQL语句中没有引号。

SQL如：

SELECT count(*) AS aggregate FROM device_recordsWHERE (idLIKE % 手机 % ORasset_numberLIKE % 手机 % ORdescriptionLIKE % 手机 % OR ( EXISTS ( SELECT * FROMdevice_categoriesWHEREdevice_records.category_id=device_categories.idANDdevice_categories.nameLIKE % 手机 % ANDdevice_categories.deleted_atIS NULL ) ) OR ( EXISTS ( SELECT * FROMvendor_recordsWHEREdevice_records.vendor_id=vendor_records.idANDvendor_records.nameLIKE % 手机 % ANDvendor_records.deleted_atIS NULL ) ) ORnameLIKE % 手机 % ORmacLIKE % 手机 % ORipLIKE % 手机 % ORpriceLIKE % 手机 % ORpurchasedLIKE % 手机 % ORexpiredLIKE % 手机 % OR ( EXISTS ( SELECT * FROMadmin_usersINNER JOINdevice_tracksONdevice_tracks.user_id=admin_users.idWHEREdevice_records.id=device_tracks.device_idANDadmin_users.nameLIKE % 手机 % ANDadmin_users.deleted_atIS NULL ANDdevice_tracks.deleted_atIS NULL ) ) OR ( EXISTS ( SELECT * FROMadmin_usersINNER JOINdevice_tracksONdevice_tracks.user_id=admin_users.idWHEREdevice_records.id=device_tracks.device_idAND EXISTS ( SELECT * FROMdepartmentsWHEREadmin_users.department_id=departments.idANDdepartments.nameLIKE % 手机 % ANDdepartments.deleted_atIS NULL ) ANDadmin_users.deleted_atIS NULL ANDdevice_tracks.deleted_atIS NULL ) ) ) ANDdevice_records.deleted_at IS NULL

我添加了个字段，数据库报错，但是我回到设备页面想添加设备，发现添加的字段出现了
我又去字段这个页面，但是看不到我前面添加的报错的字段

creator 字段是否全部覆盖

官方文档的Docker安装教程存在仓库404问题

忽略版本安装 也不行
composer install --ignore-platform-reqs

资产故障 页面，资产编号字段 bug

站点配置以后ok，扫码盘点后什么都不显示，是没有接口吗

i changed the 'locale' => 'en', in config/app.php but in the login page the {{ Config::get('app.locale') }} returns zh_CN

please let me know from where i need to change this seting

docker最新版本设置https后，连登录页面加载就有问题

我使用docker部署的，docker run运行成功了，但是在容器中初始化时遇到了报错：
`
[root@120 chemex_docker]# docker exec -it chemex /bin/bash
nginx: unrecognized service
php8.1-fpm: unrecognized service
cron: unrecognized service
root@c7ab548bbde5:/var/www/html/laravel# ls
Dockerfile artisan config docs public storage
LICENSE bootstrap database logo.png resources tests
README.md composer.json docker-compose.yml package.json routes vendor
app composer.lock docker-entrypoint.sh phpunit.xml server.php webpack.mix.js
root@c7ab548bbde5:/var/www/html/laravel# cd /var/www/html/laravel && php artisan chemex:install

ErrorException

exec(): Unable to fork [stty 2>&1]

at vendor/symfony/console/Terminal.php:131
127▕ if (!\function_exists('exec')) {
128▕ return false;
129▕ }
130▕
➜ 131▕ exec('stty 2>&1', $output, $exitcode);
132▕
133▕ return self::$stty = 0 === $exitcode;
134▕ }
135▕

  +5 vendor frames 

6 artisan:37
Illuminate\Foundation\Console\Kernel::handle()

不知道该如何解决这个问题，请求帮助； 这是我的系统相关版本：
[root@120 chemex_docker]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@120 chemex_docker]# uname -a
Linux 120.centos.hipro 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
[root@120 chemex_docker]# docker -v
Docker version 18.06.3-ce, build d7080c1
`

所有输出为：
Deprecated: Return type of Illuminate\Support\Collection::jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /root/chemex/vendor/laravel/framework/src/Illuminate/Collections/Collection.php on line 836

Deprecated: Return type of Illuminate\Support\LazyCollection::jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /root/chemex/vendor/laravel/framework/src/Illuminate/Collections/LazyCollection.php on line 836

In Model.php line 25:

During inheritance of JsonSerializable: Uncaught ErrorException: Return type of Illuminate\Database\Eloquent\Model:
:jsonSerialize() should either be compatible with JsonSerializable::jsonSerialize(): mixed, or the #[ReturnTypeWill
Change] attribute should be used to temporarily suppress the notice in /root/chemex/vendor/laravel/framework/src/Il
luminate/Database/Eloquent/Model.php:1429
Stack trace:
#0 /root/chemex/vendor/laravel/framework/src/Illuminate/Database/Eloquent/Model.php(25): Illuminate\Foundation\Boot
strap\HandleExceptions->handleError(8192, 'Return type of ...', '/root/chemex/ve...', 1429)
#1 /root/chemex/vendor/composer/ClassLoader.php(480): include('/root/chemex/ve...')
#2 /root/chemex/vendor/composer/ClassLoader.php(346): Composer\Autoload\includeFile('/root/chemex/ve...')
#3 /root/chemex/vendor/laravel/framework/src/Illuminate/Database/DatabaseServiceProvider.php(42): Composer\Autoload
\ClassLoader->loadClass('Illuminate\Data...')
#4 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(672): Illuminate\Database\Databa
seServiceProvider->register()
#5 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/ProviderRepository.php(75): Illuminate\Foundatio
n\Application->register(Object(Illuminate\Database\DatabaseServiceProvider))
#6 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(649): Illuminate\Foundation\Prov
iderRepository->load(Array)
#7 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/RegisterProviders.php(17): Illuminate
Foundation\Application->registerConfiguredProviders()
#8 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/Application.php(237): Illuminate\Foundation\Boot
strap\RegisterProviders->bootstrap(Object(Illuminate\Foundation\Application))
#9 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(310): Illuminate\Foundation\A
pplication->bootstrapWith(Array)
#10 /root/chemex/vendor/laravel/framework/src/Illuminate/Foundation/Console/Kernel.php(127): Illuminate\Foundation
Console\Kernel->bootstrap()
#11 /root/chemex/artisan(37): Illuminate\Foundation\Console\Kernel->handle(Object(Symfony\Component\Console\Input\A
rgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))
#12 {main}

系统为Ubuntu 21.04,
$uname -a
Linux ecs-IDmC0 5.8.0-63-generic #71-Ubuntu SMP Tue Jul 13 15:59:12 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$php --version
PHP 8.1.0alpha3 (cli) (built: Jul 29 2021 10:01:55) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.0-dev, Copyright (c) Zend Technologies

请问如何解决？

烦请有空做一下移动端页面自适应，谢谢！

可不可以设置用户只能查看和盘点自己名下的资产

版本：3.5.3
数据库：mysql5.6
点击搜索，搜索的查询SQL会查询device_records表的purchased、expired字段，而这两个字段类型为date，查询中文时就会报错1271 - Illegal mix of collations for operation 'like'。

已经修复。

Originally posted by @celaraze in https://github.com/celaraze/chemex/issues/31#issuecomment-1056106124

docker-compose up -d

ERROR: Service "db" uses an undefined network "bridge"

资产编号，应该自动生成，如果资产一多，这个编号就难搞了

最新的3.7.1同步LDAP信息到组织中，disable的账号也会被一同同步进来，且状态显示为账户正常，能否同步的时候跳过disable的账户，或者状态显示为账户冻结

保存LDAP配置后，点击测试连接按钮。显示：“执行错误：[object Object]”
在组织中导入LDAP用户，显示：“500 Internal Server Error”
DC使用的是389端口，对接其他系统（如：泛微OA、禅道都正常）

我的Chemex部署在群晖的Docker中的，感觉非常实用！
这两天试用下来发现两个问题：

1. 编辑设备和配件里插入图片的功能用不了 一直显示上传失败 请重试
   请问这个插入图片的功能是不是不能用？还是需要特殊设置？

2. 在群晖里设置反向代理之后一直出现：“此表单不安全 系统已关闭自动填充功能的提示”
   登陆有出现以下提示：
   {"status":true,"data":{"message":"\u767b\u5f55\u6210\u529f !","type":"success","then":{"action":"location","value":"http://********:8099"}}}

请各位大佬帮忙看看是什么问题 谢谢！

如下：docker attch 进入容器后
[mpm_prefork:notice] [pid 10] AH00170: caught SIGWINCH, shutting down gracefully

web_1 | 正在处理数据库迁移！
db_1 | 2022-02-28 7:30:23 4 [Warning] Access denied for user 'chemex'@'172.20.0.1' (using password: YES)
web_1 |
web_1 | Illuminate\Database\QueryException
web_1 |
web_1 | SQLSTATE[HY000] [1045] Access denied for user 'chemex'@'172.20.0.1' (using password: YES) (SQL: select * from information_schema.tables where table_schema = chemex and table_name = migrations and table_type = 'BASE TABLE')
web_1 |
web_1 | at vendor/laravel/framework/src/Illuminate/Database/Connection.php:712
web_1 | 708? // If an exception occurs when attempting to run a query, we'll format the error
web_1 | 709? // message to include the bindings with SQL, which will make this exception a
web_1 | 710? // lot more helpful to the developer instead of just the database's errors.
web_1 | 711? catch (Exception $e) {
web_1 | ? 712? throw new QueryException(
web_1 | 713? $query, $this->prepareBindings($bindings), $e
web_1 | 714? );
web_1 | 715? }
web_1 | 716? }
web_1 |
web_1 | +30 vendor frames
web_1 | 31 app/Console/Commands/Install.php:49
web_1 | Illuminate\Console\Command::call("migrate")
web_1 |
web_1 | +13 vendor frames
web_1 | 45 artisan:37
web_1 | Illuminate\Foundation\Console\Kernel::handle(Object(Symfony\Component\Console\Input\ArgvInput), Object(Symfony\Component\Console\Output\ConsoleOutput))

172.20.0.1 这个地址配置文件中没有配置，找不到来源，导致连接数据库失败

运行安装报错了，php8.0 mysql5.7

我使用docker部署的，docker run运行成功了，但是在容器中初始化时遇到了报错：
`
[root@120 chemex_docker]# docker exec -it chemex /bin/bash
nginx: unrecognized service
php8.1-fpm: unrecognized service
cron: unrecognized service
root@c7ab548bbde5:/var/www/html/laravel# ls
Dockerfile artisan config docs public storage
LICENSE bootstrap database logo.png resources tests
README.md composer.json docker-compose.yml package.json routes vendor
app composer.lock docker-entrypoint.sh phpunit.xml server.php webpack.mix.js
root@c7ab548bbde5:/var/www/html/laravel# cd /var/www/html/laravel && php artisan chemex:install

ErrorException

exec(): Unable to fork [stty 2>&1]

at vendor/symfony/console/Terminal.php:131
127▕ if (!\function_exists('exec')) {
128▕ return false;
129▕ }
130▕
➜ 131▕ exec('stty 2>&1', $output, $exitcode);
132▕
133▕ return self::$stty = 0 === $exitcode;
134▕ }
135▕

  +5 vendor frames 

6 artisan:37
Illuminate\Foundation\Console\Kernel::handle()

不知道该如何解决这个问题，请求帮助； 这是我的系统相关版本：[root@120 chemex_docker]# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
[root@120 chemex_docker]# uname -a
Linux 120.centos.hipro 3.10.0-1160.71.1.el7.x86_64 #1 SMP Tue Jun 28 15:37:28 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
[root@120 chemex_docker]# docker -v
Docker version 18.06.3-ce, build d7080c1`

3.4版本资产不能导入，手工加入资产后导出的Excel也不能导入

新增字段类型为选项
后期对其进行修改
### 无法新增新的选项
无法设置别名

一条资产数据都没有的情况下，因为之前添加过资产编号9，删除了相关记录后，无法再次添加资产编号9的资产，会提示

v3.4.0 用户管理 bug

用户管理，admin可以删除admin本身

设置存储系统时报错
报错信息如下：
`[root@centos7kvm chemex]# php artisan chemex:install
正在优化配置！
Cached events cleared!
Compiled views cleared!
Application cache cleared!
Route cache cleared!
Configuration cache cleared!
Compiled services and packages files removed!
Caches cleared successfully!
正在设置存储系统！

Error

Call to undefined function Illuminate\Filesystem\symlink()

at vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php:332
328▕ */
329▕ public function link($target, $link)
330▕ {
331▕ if (! windows_os()) {
➜ 332▕ return symlink($target, $link);
333▕ }
334▕
335▕ $mode = $this->isDirectory($target) ? 'J' : 'H';
336▕

  +11 vendor frames

12 app/Console/Commands/Install.php:43
Illuminate\Console\Command::call()

  +13 vendor frames

26 artisan:37
Illuminate\Foundation\Console\Kernel::handle()
[root@centos7kvm chemex]#`

换了几个测试环境也是超时：error pulling image configuration: download failed after attempts=6: dial tcp 104.18.125.25:443: i/o timeout
换了docker镜像源也是超时

你好 你这个皮肤跟dcat的皮肤 不太一样 是修改了那些地方

表admin_users中的password没有以明文记录，但表admin_settings的ad_password是明文

如题，借出归还后：建议应该 默认回到 借出前的用户（已分配归属的人）