Authentication Bypass vulnerability

The shiro version used by LuckyFrameWeb is 1.5.0. The shiro configuration has bypass rules

*com.luckyframe.framework.config.ShiroConfig#shiroFilterFactoryBean*
![image](https://user-images.githubusercontent.com/50647385/207210180-e54d11b1-6528-43e5-a2e1-6c68ee1e0a51.png)

Normal access, response status 302

![image](https://user-images.githubusercontent.com/50647385/207210441-36401429-0858-4ab3-8b5a-0a1fc79f78fb.png)

Use ***/..;/*** to bypass

![image](https://user-images.githubusercontent.com/50647385/207210222-9fccd408-b094-470f-8989-499c85615902.png)



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Authentication Bypass vulnerability #19

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Authentication Bypass vulnerability #19

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions