fix idor bug

whgojp · whgojp · commit 204f4827f31b · 2024-11-12T09:26:39.000+08:00
diff --git a/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java b/src/main/java/top/whgojp/modules/logic/idor/controller/VerticalController.java
@@ -22,16 +22,16 @@
 @RequestMapping("/logic/idor/vertical")
 public class VerticalController {
     @RequestMapping("")
-    public String vertical(){
+    public String vertical() {
         return "vul/logic/idor/vertical";
     }
 
     @GetMapping("/vul")
-    public String vul(){
-            String currentUsername = SecurityContextHolder.getContext().getAuthentication().getName();
-            if ("admin".equals(currentUsername)) {
-                return "common/401";
-            }else return "/vul/logic/idor/admin";
+    public String vul() {
+        String currentUsername = SecurityContextHolder.getContext().getAuthentication().getName();
+        if ("admin".equals(currentUsername)) {
+            return "/vul/logic/idor/admin";
+        } else return "common/401";
     }
 
 }
diff --git a/src/main/resources/static/js/staticcode.js b/src/main/resources/static/js/staticcode.js
@@ -1053,11 +1053,11 @@ const safeBlackList = "public String safe2(String payload) {\n" +
 // 漏洞漏洞
 
 // 越权漏洞
-const vulHorizon = "public String vul(){\n" +
+const vulHorizon = "public String vul() {\n" +
     "\tString currentUsername = SecurityContextHolder.getContext().getAuthentication().getName();\n" +
     "\tif (\"admin\".equals(currentUsername)) {\n" +
-    "\t\treturn \"common/401\";\n" +
-    "\t}else return \"/vul/logic/idor/admin\";\n" +
+    "\t\treturn \"/vul/logic/idor/admin\";\n" +
+    "\t} else return \"common/401\";\n" +
     "}"
 const safeHorizon = "public R safe(String username){\n" +
     "    // 获取当前登录的用户名\n" +
diff --git a/src/main/resources/templates/vul/logic/idor/horizontal.html b/src/main/resources/templates/vul/logic/idor/horizontal.html
@@ -155,8 +155,8 @@ <h1><span class="iconfont icon-code"> 安全代码</span></h1>
             form = layui.form,
             upload = layui.upload;
 
-        common.formListenFun("vul-horizontal-button", "", "/logic/idor/getUserInfo", "vul-horizontal-result", "get");
-        common.formListenFun("safe-horizontal-button", "", "/logic/idor/safe", "safe-horizontal-result", "get");
+        common.formListenFun("vul-horizontal-button", "", "/logic/idor/horizontal/getUserInfo", "vul-horizontal-result", "get");
+        common.formListenFun("safe-horizontal-button", "", "/logic/idor/horizontal/safe", "safe-horizontal-result", "get");
 
 
         miniTab.listen();
diff --git a/src/main/resources/templates/vul/logic/idor/vertical.html b/src/main/resources/templates/vul/logic/idor/vertical.html
@@ -32,7 +32,7 @@ <h1><span class="iconfont icon-bug"> 漏洞环境：垂直越权管理员</span>
                                 <div class="layui-tab-item layui-show">
                                     <blockquote class="layui-elem-quote main_btn">
                                         <p>这里简单模拟一下垂直越权</p>
-                                        <a target="_blank" href="/logic/idor/vul">
+                                        <a target="_blank" href="/logic/idor/vertical/vul">
                                             <button class="layui-btn layui-btn-normal" style="width: 100px; margin-left: 10px;">
                                                 <span class="iconfont icon-zhihang">Run</span>
                                             </button>
