Переглянути джерело

漏洞修复:弱口令(账号存在规律,可大量接管账号)+任意读取所有数据库内的所有内容+大量越权访问导致敏感信息泄露

(包括但不限于身份证,手机号,账号,密码)+越权篡改用户信息
新疆警官学校中职
王晓寒 3 тижднів тому
джерело
коміт
dd61c88921
9 змінених файлів з 134 додано та 10 видалено
  1. +27
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
  2. +12
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
  3. +23
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
  4. +14
    -4
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
  5. +40
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
  6. +6
    -1
      Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
  7. +1
    -4
      Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
  8. +1
    -1
      Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
  9. +10
    -0
      Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs

+ 27
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs Переглянути файл

@@ -172,6 +172,17 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
[AjaxOnly]
public ActionResult GetPageList(string pagination, string queryJson)
{
var user = LoginUserInfo.Get();
if (user.Description == "学生")
{
return Fail("不允许学生查看教师信息");
}
if (user.Description == "教师")
{
var json=queryJson.ToJObject();
json["EmpNo"] = user.enCode;
queryJson=json.ToString();
}
Pagination paginationobj = pagination.ToObject<Pagination>();
var data = empInfoIBLL.GetPageList(paginationobj, queryJson);
var jsonData = new
@@ -302,6 +313,22 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
entity.resume = WebHelper.HtmlEncode(entity.resume);
entity.SyncFlag = false;
var model = empInfoIBLL.GetEmpInfoEntityByEmpNo(entity.EmpNo);
var user = LoginUserInfo.Get();
if (user.Description=="学生")
{
return Fail("不允许学生修改教师信息");
}
if (user.Description == "教师")
{
if (string.IsNullOrEmpty(keyValue))
{
return Fail("不允许教师新增教师信息");
}
if (entity.EmpId!=keyValue||entity.EmpNo != user.account)
{
return Fail("只允许教师修改自己的信息");
}
}
var model_mobile = empInfoIBLL.GetEmpInfoEntityByMobile(entity.mobile);
if (string.IsNullOrEmpty(keyValue))
{


+ 12
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs Переглянути файл

@@ -574,6 +574,18 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
[AjaxOnly]
public ActionResult SaveForm(string keyValue, string strEntity)
{
var user = LoginUserInfo.Get();
if (user.Description == "学生")
{
if (string.IsNullOrEmpty(keyValue))
{
return Fail("不允许学生添加信息");
}
if (keyValue!=user.userId)
{
return Fail("不允许学生修改其他学生信息");
}
}
StuInfoBasicEntity entity = strEntity.ToObject<StuInfoBasicEntity>();
entity.SyncFlag = false;
var model = stuInfoBasicIBLL.GetStuInfoBasicEntityByStuNo(entity.StuNo);


+ 23
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs Переглянути файл

@@ -98,6 +98,16 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
[AjaxOnly]
public ActionResult GetPageList(string pagination, string keyword, string companyId, string departmentId, string tp)
{
var user = LoginUserInfo.Get();
if (user.Description == "学生")
{
keyword = user.account;
tp = null;
}
if (user.Description == "教师")
{
tp = "1";
}
Pagination paginationobj = pagination.ToObject<Pagination>();
var data = userIBLL.GetPageList(companyId, departmentId, paginationobj, keyword, tp);
var jsonData = new
@@ -120,6 +130,11 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
[AjaxOnly]
public ActionResult GetList(string companyId, string departmentId, string keyword)
{
var user = LoginUserInfo.Get();
if (user.Description == "学生")
{
keyword = user.account;
}
if (string.IsNullOrEmpty(companyId))
{
var department = departmentIBLL.GetEntity(departmentId);
@@ -303,6 +318,14 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
[AjaxOnly]
public ActionResult SaveForm(string keyValue, UserEntity entity)
{
var user = LoginUserInfo.Get();
if (user.Description == "学生"|| user.Description == "教师")
{
if (keyValue != user.userId)
{
return Fail("只允许修改自己的信息");
}
}
userIBLL.SaveEntity(keyValue, entity);
return Success("保存成功!");
}


+ 14
- 4
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs Переглянути файл

@@ -13,7 +13,7 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
/// </summary>
public class DatabaseLinkController : MvcControllerBase
{
DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL();
DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL();

#region 获取视图
/// <summary>
@@ -46,6 +46,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetList(string keyword)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseLinkIBLL.GetListByNoConnection(keyword);
return JsonResult(data);
}
@@ -83,9 +88,14 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetTreeList()
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseLinkIBLL.GetTreeList();
return JsonResult(data);
}
}

#endregion

@@ -135,9 +145,9 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
/// <returns></returns>
[HttpPost]
[AjaxOnly]
public ActionResult TestConnection(string connection, string dbType,string keyValue)
public ActionResult TestConnection(string connection, string dbType, string keyValue)
{
bool res = databaseLinkIBLL.TestConnection(connection, dbType,keyValue);
bool res = databaseLinkIBLL.TestConnection(connection, dbType, keyValue);
if (res)
{
return Success("连接成功!");


+ 40
- 0
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs Переглянути файл

@@ -87,6 +87,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetList(string databaseLinkId,string tableName)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseTableIBLL.GetTableList(databaseLinkId, tableName);
return JsonResult(data);
}
@@ -100,6 +105,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetDraftList(string queryJson)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = dbDraftIBLL.GetList(queryJson);
return JsonResult(data);
}
@@ -113,6 +123,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[HttpGet]
[AjaxOnly]
public ActionResult GetFieldList(string databaseLinkId, string tableName) {
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseTableIBLL.GetTableFiledList(databaseLinkId, tableName);
return JsonResult(data);
}
@@ -130,6 +145,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetTableDataList(string databaseLinkId, string tableName, string field, string logic, string keyword, string pagination)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
Pagination paginationobj = pagination.ToObject<Pagination>();
var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName, field, logic, keyword, paginationobj);
var jsonData = new
@@ -151,6 +171,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetTableDataAllList(string databaseLinkId, string tableName)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName);
return JsonResult(data);
}
@@ -163,6 +188,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly]
public ActionResult GetTreeList(string parentId)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseTableIBLL.GetTreeList(parentId);
return JsonResult(data);
}
@@ -174,6 +204,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
/// <returns></returns>
public ActionResult GetFieldTreeList(string databaseLinkId, string tableName)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseTableIBLL.GetFiledTreeList(databaseLinkId, tableName);
return JsonResult(data);
}
@@ -185,6 +220,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
/// <returns></returns>
public ActionResult GetSqlColName(string databaseLinkId, string strSql)
{
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseTableIBLL.GetSqlColName(databaseLinkId, strSql);
return JsonResult(data);
}


+ 6
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs Переглянути файл

@@ -555,7 +555,6 @@ namespace Learun.Application.Web.Controllers
//[HandlerValidateAntiForgeryToken]
public ActionResult CheckLogin(string username, string password, string verifycode, string up, string defaultPwdTip)
{

int error = OperatorHelper.Instance.GetCurrentErrorNum();
if (error >= 3)
{
@@ -634,6 +633,12 @@ namespace Learun.Application.Web.Controllers
}
else
{
var key = $"login_attempts:{GetIP()}";
var currentAttempts = _redis.StringIncrement(key,15);
if (currentAttempts > 10)
{
return Fail("登录次数10分钟超过10次,已被禁止登录,请20分钟后重试!", error);
}
//记录ip
userBll.UpdateIp(GetIP(), userEntity.F_UserId);
OperatorHelper.Instance.AddLoginUser(userEntity.F_Account, "Learun_ADMS_6.1_PC", null);//写入缓存信息


+ 1
- 4
Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj Переглянути файл

@@ -23,7 +23,7 @@
<SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
<RestorePackages>true</RestorePackages>
<UseGlobalApplicationHostFile />
<Use64BitIISExpress />
<Use64BitIISExpress>false</Use64BitIISExpress>
<SccProjectName>
</SccProjectName>
<SccLocalPath>
@@ -104,9 +104,6 @@
<Reference Include="Microsoft.Practices.Unity.RegistrationByConvention">
<HintPath>..\packages\Unity.4.0.1\lib\net45\Microsoft.Practices.Unity.RegistrationByConvention.dll</HintPath>
</Reference>
<Reference Include="Microsoft.QualityTools.Testing.Fakes, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
</Reference>
<Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath>
<Private>True</Private>


+ 1
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml Переглянути файл

@@ -86,7 +86,7 @@
<div class="lr-login-bypsw noreg">
<div class="error_info">*&nbsp;<span>密码不正确</span></div>
<div class="lr-login-input">
<img class="inp_icon" src="~/Content/images/Login/default_account0.png" alt=""> <input id="lr_username" type="text" placeholder="身份证号">
<img class="inp_icon" src="~/Content/images/Login/default_account0.png" alt=""> <input id="lr_username" type="text" placeholder="身份证号/学号">
</div>
<div class="lr-login-input">
<img class="inp_icon" src="~/Content/images/Login/default_psw0.png" alt=""><input id="lr_password" type="password" placeholder="密码">


+ 10
- 0
Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs Переглянути файл

@@ -138,6 +138,16 @@ namespace Learun.Cache.Redis
return new RedisCache(dbId, null).ListLength(cacheKey);
}

public double StringIncrement(string cacheKey, int dbId = 0)
{
var current = new RedisCache(dbId, null).StringIncrement(cacheKey);
if (current == 1)
{
new RedisCache(dbId, null).KeyExpire(cacheKey, TimeSpan.FromMinutes(10));
}
return current;
}

#endregion 同步方法

#endregion List


Завантаження…
Відмінити
Зберегти