Kaynağa Gözat
漏洞修复:弱口令(账号存在规律,可大量接管账号)+任意读取所有数据库内的所有内容+大量越权访问导致敏感信息泄露
(包括但不限于身份证,手机号,账号,密码)+越权篡改用户信息新疆警官学校中职
9 değiştirilmiş dosya ile 134 ekleme ve 10 silme
Görünümü Böl
Diff Seçenekleri
-
+27 -0Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
-
+12 -0Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
-
+23 -0Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
-
+14 -4Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
-
+40 -0Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
-
+6 -1Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
-
+1 -4Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
-
+1 -1Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
-
+10 -0Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs
+ 27
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
Dosyayı Görüntüle
| @@ -172,6 +172,17 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetPageList(string pagination, string queryJson) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description == "学生") | |||
| { | |||
| return Fail("不允许学生查看教师信息"); | |||
| } | |||
| if (user.Description == "教师") | |||
| { | |||
| var json=queryJson.ToJObject(); | |||
| json["EmpNo"] = user.enCode; | |||
| queryJson=json.ToString(); | |||
| } | |||
| Pagination paginationobj = pagination.ToObject<Pagination>(); | |||
| var data = empInfoIBLL.GetPageList(paginationobj, queryJson); | |||
| var jsonData = new | |||
| @@ -302,6 +313,22 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers | |||
| entity.resume = WebHelper.HtmlEncode(entity.resume); | |||
| entity.SyncFlag = false; | |||
| var model = empInfoIBLL.GetEmpInfoEntityByEmpNo(entity.EmpNo); | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description=="学生") | |||
| { | |||
| return Fail("不允许学生修改教师信息"); | |||
| } | |||
| if (user.Description == "教师") | |||
| { | |||
| if (string.IsNullOrEmpty(keyValue)) | |||
| { | |||
| return Fail("不允许教师新增教师信息"); | |||
| } | |||
| if (entity.EmpId!=keyValue||entity.EmpNo != user.account) | |||
| { | |||
| return Fail("只允许教师修改自己的信息"); | |||
| } | |||
| } | |||
| var model_mobile = empInfoIBLL.GetEmpInfoEntityByMobile(entity.mobile); | |||
| if (string.IsNullOrEmpty(keyValue)) | |||
| { | |||
+ 12
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
Dosyayı Görüntüle
| @@ -574,6 +574,18 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult SaveForm(string keyValue, string strEntity) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description == "学生") | |||
| { | |||
| if (string.IsNullOrEmpty(keyValue)) | |||
| { | |||
| return Fail("不允许学生添加信息"); | |||
| } | |||
| if (keyValue!=user.userId) | |||
| { | |||
| return Fail("不允许学生修改其他学生信息"); | |||
| } | |||
| } | |||
| StuInfoBasicEntity entity = strEntity.ToObject<StuInfoBasicEntity>(); | |||
| entity.SyncFlag = false; | |||
| var model = stuInfoBasicIBLL.GetStuInfoBasicEntityByStuNo(entity.StuNo); | |||
+ 23
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
Dosyayı Görüntüle
| @@ -98,6 +98,16 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetPageList(string pagination, string keyword, string companyId, string departmentId, string tp) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description == "学生") | |||
| { | |||
| keyword = user.account; | |||
| tp = null; | |||
| } | |||
| if (user.Description == "教师") | |||
| { | |||
| tp = "1"; | |||
| } | |||
| Pagination paginationobj = pagination.ToObject<Pagination>(); | |||
| var data = userIBLL.GetPageList(companyId, departmentId, paginationobj, keyword, tp); | |||
| var jsonData = new | |||
| @@ -120,6 +130,11 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetList(string companyId, string departmentId, string keyword) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description == "学生") | |||
| { | |||
| keyword = user.account; | |||
| } | |||
| if (string.IsNullOrEmpty(companyId)) | |||
| { | |||
| var department = departmentIBLL.GetEntity(departmentId); | |||
| @@ -303,6 +318,14 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult SaveForm(string keyValue, UserEntity entity) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description == "学生"|| user.Description == "教师") | |||
| { | |||
| if (keyValue != user.userId) | |||
| { | |||
| return Fail("只允许修改自己的信息"); | |||
| } | |||
| } | |||
| userIBLL.SaveEntity(keyValue, entity); | |||
| return Success("保存成功!"); | |||
| } | |||
+ 14
- 4
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
Dosyayı Görüntüle
| @@ -13,7 +13,7 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| /// </summary> | |||
| public class DatabaseLinkController : MvcControllerBase | |||
| { | |||
| DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL(); | |||
| DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL(); | |||
| #region 获取视图 | |||
| /// <summary> | |||
| @@ -46,6 +46,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetList(string keyword) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseLinkIBLL.GetListByNoConnection(keyword); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -83,9 +88,14 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetTreeList() | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseLinkIBLL.GetTreeList(); | |||
| return JsonResult(data); | |||
| } | |||
| } | |||
| #endregion | |||
| @@ -135,9 +145,9 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| /// <returns></returns> | |||
| [HttpPost] | |||
| [AjaxOnly] | |||
| public ActionResult TestConnection(string connection, string dbType,string keyValue) | |||
| public ActionResult TestConnection(string connection, string dbType, string keyValue) | |||
| { | |||
| bool res = databaseLinkIBLL.TestConnection(connection, dbType,keyValue); | |||
| bool res = databaseLinkIBLL.TestConnection(connection, dbType, keyValue); | |||
| if (res) | |||
| { | |||
| return Success("连接成功!"); | |||
+ 40
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
Dosyayı Görüntüle
| @@ -87,6 +87,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetList(string databaseLinkId,string tableName) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseTableIBLL.GetTableList(databaseLinkId, tableName); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -100,6 +105,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetDraftList(string queryJson) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = dbDraftIBLL.GetList(queryJson); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -113,6 +123,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [HttpGet] | |||
| [AjaxOnly] | |||
| public ActionResult GetFieldList(string databaseLinkId, string tableName) { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseTableIBLL.GetTableFiledList(databaseLinkId, tableName); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -130,6 +145,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetTableDataList(string databaseLinkId, string tableName, string field, string logic, string keyword, string pagination) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| Pagination paginationobj = pagination.ToObject<Pagination>(); | |||
| var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName, field, logic, keyword, paginationobj); | |||
| var jsonData = new | |||
| @@ -151,6 +171,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetTableDataAllList(string databaseLinkId, string tableName) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -163,6 +188,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| [AjaxOnly] | |||
| public ActionResult GetTreeList(string parentId) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseTableIBLL.GetTreeList(parentId); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -174,6 +204,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| /// <returns></returns> | |||
| public ActionResult GetFieldTreeList(string databaseLinkId, string tableName) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseTableIBLL.GetFiledTreeList(databaseLinkId, tableName); | |||
| return JsonResult(data); | |||
| } | |||
| @@ -185,6 +220,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers | |||
| /// <returns></returns> | |||
| public ActionResult GetSqlColName(string databaseLinkId, string strSql) | |||
| { | |||
| var user = LoginUserInfo.Get(); | |||
| if (user.Description != "管理员") | |||
| { | |||
| return Fail("不允许的操作"); | |||
| } | |||
| var data = databaseTableIBLL.GetSqlColName(databaseLinkId, strSql); | |||
| return JsonResult(data); | |||
| } | |||
+ 6
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
Dosyayı Görüntüle
| @@ -555,7 +555,6 @@ namespace Learun.Application.Web.Controllers | |||
| //[HandlerValidateAntiForgeryToken] | |||
| public ActionResult CheckLogin(string username, string password, string verifycode, string up, string defaultPwdTip) | |||
| { | |||
| int error = OperatorHelper.Instance.GetCurrentErrorNum(); | |||
| if (error >= 3) | |||
| { | |||
| @@ -634,6 +633,12 @@ namespace Learun.Application.Web.Controllers | |||
| } | |||
| else | |||
| { | |||
| var key = $"login_attempts:{GetIP()}"; | |||
| var currentAttempts = _redis.StringIncrement(key,15); | |||
| if (currentAttempts > 10) | |||
| { | |||
| return Fail("登录次数10分钟超过10次,已被禁止登录,请20分钟后重试!", error); | |||
| } | |||
| //记录ip | |||
| userBll.UpdateIp(GetIP(), userEntity.F_UserId); | |||
| OperatorHelper.Instance.AddLoginUser(userEntity.F_Account, "Learun_ADMS_6.1_PC", null);//写入缓存信息 | |||
+ 1
- 4
Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
Dosyayı Görüntüle
| @@ -23,7 +23,7 @@ | |||
| <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir> | |||
| <RestorePackages>true</RestorePackages> | |||
| <UseGlobalApplicationHostFile /> | |||
| <Use64BitIISExpress /> | |||
| <Use64BitIISExpress>false</Use64BitIISExpress> | |||
| <SccProjectName> | |||
| </SccProjectName> | |||
| <SccLocalPath> | |||
| @@ -104,9 +104,6 @@ | |||
| <Reference Include="Microsoft.Practices.Unity.RegistrationByConvention"> | |||
| <HintPath>..\packages\Unity.4.0.1\lib\net45\Microsoft.Practices.Unity.RegistrationByConvention.dll</HintPath> | |||
| </Reference> | |||
| <Reference Include="Microsoft.QualityTools.Testing.Fakes, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL"> | |||
| <SpecificVersion>False</SpecificVersion> | |||
| </Reference> | |||
| <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> | |||
| <HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath> | |||
| <Private>True</Private> | |||
+ 1
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
Dosyayı Görüntüle
| @@ -86,7 +86,7 @@ | |||
| <div class="lr-login-bypsw noreg"> | |||
| <div class="error_info">* <span>密码不正确</span></div> | |||
| <div class="lr-login-input"> | |||
| <img class="inp_icon" src="~/Content/images/Login/default_account0.png" alt=""> <input id="lr_username" type="text" placeholder="身份证号"> | |||
| <img class="inp_icon" src="~/Content/images/Login/default_account0.png" alt=""> <input id="lr_username" type="text" placeholder="身份证号/学号"> | |||
| </div> | |||
| <div class="lr-login-input"> | |||
| <img class="inp_icon" src="~/Content/images/Login/default_psw0.png" alt=""><input id="lr_password" type="password" placeholder="密码"> | |||
+ 10
- 0
Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs
Dosyayı Görüntüle
| @@ -138,6 +138,16 @@ namespace Learun.Cache.Redis | |||
| return new RedisCache(dbId, null).ListLength(cacheKey); | |||
| } | |||
| public double StringIncrement(string cacheKey, int dbId = 0) | |||
| { | |||
| var current = new RedisCache(dbId, null).StringIncrement(cacheKey); | |||
| if (current == 1) | |||
| { | |||
| new RedisCache(dbId, null).KeyExpire(cacheKey, TimeSpan.FromMinutes(10)); | |||
| } | |||
| return current; | |||
| } | |||
| #endregion 同步方法 | |||
| #endregion List | |||