
漏洞修复:弱口令(账号存在规律,可大量接管账号)+任意读取所有数据库内的所有内容+大量越权访问导致敏感信息泄露

(包括但不限于身份证,手机号,账号,密码)+越权篡改用户信息
新疆警官学校中职
王晓寒 2 semanas atrás
pai
commit
dd61c88921
9 arquivos alterados com 134 adições e 10 exclusões
  1. +27
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
  2. +12
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
  3. +23
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
  4. +14
    -4
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs
  5. +40
    -0
      Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
  6. +6
    -1
      Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
  7. +1
    -4
      Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj
  8. +1
    -1
      Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml
  9. +10
    -0
      Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs

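--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/EmpInfoController.cs
@@ -172,6 +172,17 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 [AjaxOnly]
 public ActionResult GetPageList(string pagination, string queryJson)
 {
+var user = LoginUserInfo.Get();
+if (user.Description == "学生")
+{
+return Fail("不允许学生查看教师信息");
+}
+if (user.Description == "教师")
+{
+var json=queryJson.ToJObject();
+json["EmpNo"] = user.enCode;
+queryJson=json.ToString();
+}
 Pagination paginationobj = pagination.ToObject<Pagination>();
 var data = empInfoIBLL.GetPageList(paginationobj, queryJson);
 var jsonData = new
@@ -302,6 +313,22 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 entity.resume = WebHelper.HtmlEncode(entity.resume);
 entity.SyncFlag = false;
 var model = empInfoIBLL.GetEmpInfoEntityByEmpNo(entity.EmpNo);
+var user = LoginUserInfo.Get();
+if (user.Description=="学生")
+{
+return Fail("不允许学生修改教师信息");
+}
+if (user.Description == "教师")
+{
+if (string.IsNullOrEmpty(keyValue))
+{
+return Fail("不允许教师新增教师信息");
+}
+if (entity.EmpId!=keyValue||entity.EmpNo != user.account)
+{
+return Fail("只允许教师修改自己的信息");
+}
+}
 var model_mobile = empInfoIBLL.GetEmpInfoEntityByMobile(entity.mobile);
 if (string.IsNullOrEmpty(keyValue))
 {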
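Review bot: The role gate in GetPageList and SaveForm is a deny-list on `user.Description` — it rejects "学生" and constrains "教师", so any login whose Description is empty, a third value or a misspelling of those strings falls through with unrestricted access, whereas the DatabaseLink and DatabaseTable hunks of this commit use the safer allow-list form `if (user.Description != "管理员")`; the same deny-list shape recurs in StuInfoBasicController.SaveForm and in UserController.GetPageList, GetList and SaveForm. Description also reads as a display field rather than a role identifier; if the user record carries a dedicated role or flag it would be a more robust source, though that cannot be confirmed from this page. A second issue in SaveForm: the teacher check trusts `entity.EmpId` and `entity.EmpNo` taken from the request body, while `model` has already been loaded by EmpNo on the preceding line, so the check can be grounded in stored data, e.g. `if (entity.EmpId != keyValue || entity.EmpNo != user.account || model == null || model.EmpId != keyValue)`. Note also that GetPageList scopes the teacher by `user.enCode` while SaveForm compares `user.account`; if those are different identifiers one of the two checks is wrong. Both methods continue outside the hunks.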


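--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/EducationalAdministration/Controllers/StuInfoBasicController.cs
@@ -574,6 +574,18 @@ namespace Learun.Application.Web.Areas.EducationalAdministration.Controllers
 [AjaxOnly]
 public ActionResult SaveForm(string keyValue, string strEntity)
 {
+var user = LoginUserInfo.Get();
+if (user.Description == "学生")
+{
+if (string.IsNullOrEmpty(keyValue))
+{
+return Fail("不允许学生添加信息");
+}
+if (keyValue!=user.userId)
+{
+return Fail("不允许学生修改其他学生信息");
+}
+}
 StuInfoBasicEntity entity = strEntity.ToObject<StuInfoBasicEntity>();
 entity.SyncFlag = false;
 var model = stuInfoBasicIBLL.GetStuInfoBasicEntityByStuNo(entity.StuNo);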
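Review bot: The ownership check in SaveForm compares the StuInfoBasic record key `keyValue` with the login's `user.userId`; unless a student record's primary key is literally the login user id (the EmpInfoController hunk in this commit keys teachers by EmpNo/account instead, which suggests the two identifier spaces may differ), a student's own save is rejected, and if the spaces merely overlap the check can pass for a record that is not the student's. Parsing `strEntity` happens after the guard, so `entity.StuNo` is never compared with the login and a student who passes the key check can still submit a body carrying another student's StuNo and related fields. Consider grounding the check in the stored record — load it by keyValue and compare its StuNo with the login's account — and documenting the assumption with a comment such as `// student record key is expected to equal the login user id — verify`. There is no branch for "教师", so a teacher login keeps full write access to every student record; if that is intentional it deserves a comment. SaveForm continues outside the hunk.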


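--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_OrganizationModule/Controllers/UserController.cs
@@ -98,6 +98,16 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
 [AjaxOnly]
 public ActionResult GetPageList(string pagination, string keyword, string companyId, string departmentId, string tp)
 {
+var user = LoginUserInfo.Get();
+if (user.Description == "学生")
+{
+keyword = user.account;
+tp = null;
+}
+if (user.Description == "教师")
+{
+tp = "1";
+}
 Pagination paginationobj = pagination.ToObject<Pagination>();
 var data = userIBLL.GetPageList(companyId, departmentId, paginationobj, keyword, tp);
 var jsonData = new
@@ -120,6 +130,11 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
 [AjaxOnly]
 public ActionResult GetList(string companyId, string departmentId, string keyword)
 {
+var user = LoginUserInfo.Get();
+if (user.Description == "学生")
+{
+keyword = user.account;
+}
 if (string.IsNullOrEmpty(companyId))
 {
 var department = departmentIBLL.GetEntity(departmentId);
@@ -303,6 +318,14 @@ namespace Learun.Application.Web.Areas.LR_OrganizationModule.Controllers
 [AjaxOnly]
 public ActionResult SaveForm(string keyValue, UserEntity entity)
 {
+var user = LoginUserInfo.Get();
+if (user.Description == "学生"|| user.Description == "教师")
+{
+if (keyValue != user.userId)
+{
+return Fail("只允许修改自己的信息");
+}
+}
 userIBLL.SaveEntity(keyValue, entity);
 return Success("保存成功!");
 }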
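Review bot: SaveForm restricts students and teachers to `keyValue == user.userId` but then passes the client-supplied `UserEntity entity` unchanged to `userIBLL.SaveEntity`, so a self-edit can still rewrite any field the save persists — whatever role, department or status columns UserEntity carries, which this page does not show. A safer shape is to load the stored user for keyValue and copy only the self-service fields from `entity` before saving, or to reject the request when any non-editable field differs from the stored value. In GetPageList and GetList the student branch overrides `keyword` but leaves `companyId` and `departmentId` client-controlled; whether the keyword is matched exactly or as a substring decides whether a short account value still lists other users, so that is worth confirming in userIBLL.GetPageList. GetPageList and GetList both continue outside their hunks.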


+ 14
- 4
Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseLinkController.cs Ver arquivo

@@ -13,7 +13,7 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
/// </summary> /// </summary>
public class DatabaseLinkController : MvcControllerBase public class DatabaseLinkController : MvcControllerBase
{ {
DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL();
DatabaseLinkIBLL databaseLinkIBLL = new DatabaseLinkBLL();


#region 获取视图 #region 获取视图
/// <summary> /// <summary>
@@ -46,6 +46,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly] [AjaxOnly]
public ActionResult GetList(string keyword) public ActionResult GetList(string keyword)
{ {
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseLinkIBLL.GetListByNoConnection(keyword); var data = databaseLinkIBLL.GetListByNoConnection(keyword);
return JsonResult(data); return JsonResult(data);
} }
@@ -83,9 +88,14 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
[AjaxOnly] [AjaxOnly]
public ActionResult GetTreeList() public ActionResult GetTreeList()
{ {
var user = LoginUserInfo.Get();
if (user.Description != "管理员")
{
return Fail("不允许的操作");
}
var data = databaseLinkIBLL.GetTreeList(); var data = databaseLinkIBLL.GetTreeList();
return JsonResult(data); return JsonResult(data);
}
}


#endregion #endregion


@@ -135,9 +145,9 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
/// <returns></returns> /// <returns></returns>
[HttpPost] [HttpPost]
[AjaxOnly] [AjaxOnly]
public ActionResult TestConnection(string connection, string dbType,string keyValue)
public ActionResult TestConnection(string connection, string dbType, string keyValue)
{ {
bool res = databaseLinkIBLL.TestConnection(connection, dbType,keyValue);
bool res = databaseLinkIBLL.TestConnection(connection, dbType, keyValue);
if (res) if (res)
{ {
return Success("连接成功!"); return Success("连接成功!");
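Review bot: TestConnection, shown in the third hunk with only a whitespace change, still takes `connection` and `dbType` straight from the request and hands them to `databaseLinkIBLL.TestConnection`, while the commit gates only GetList and GetTreeList with the admin check; a non-admin login can therefore still make the server open connections to arbitrary hosts and test credentials against them. The same `if (user.Description != "管理员") return Fail("不允许的操作");` guard belongs at the top of TestConnection, and the remaining actions of this controller not visible here should be checked the same way. Since the guard is now pasted verbatim into several actions of DatabaseLinkController and DatabaseTableController, an action-filter attribute applied at class level would cover every action, including ones added later. The first hunk only re-adds the `databaseLinkIBLL` field line, presumably a whitespace or line-ending change.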


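--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Areas/LR_SystemModule/Controllers/DatabaseTableController.cs
@@ -87,6 +87,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 [AjaxOnly]
 public ActionResult GetList(string databaseLinkId,string tableName)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = databaseTableIBLL.GetTableList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -100,6 +105,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 [AjaxOnly]
 public ActionResult GetDraftList(string queryJson)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = dbDraftIBLL.GetList(queryJson);
 return JsonResult(data);
 }
@@ -113,6 +123,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 [HttpGet]
 [AjaxOnly]
 public ActionResult GetFieldList(string databaseLinkId, string tableName) {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = databaseTableIBLL.GetTableFiledList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -130,6 +145,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 [AjaxOnly]
 public ActionResult GetTableDataList(string databaseLinkId, string tableName, string field, string logic, string keyword, string pagination)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 Pagination paginationobj = pagination.ToObject<Pagination>();
 var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName, field, logic, keyword, paginationobj);
 var jsonData = new
@@ -151,6 +171,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 [AjaxOnly]
 public ActionResult GetTableDataAllList(string databaseLinkId, string tableName)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = databaseTableIBLL.GetTableDataList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -163,6 +188,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 [AjaxOnly]
 public ActionResult GetTreeList(string parentId)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = databaseTableIBLL.GetTreeList(parentId);
 return JsonResult(data);
 }
@@ -174,6 +204,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 /// <returns></returns>
 public ActionResult GetFieldTreeList(string databaseLinkId, string tableName)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = databaseTableIBLL.GetFiledTreeList(databaseLinkId, tableName);
 return JsonResult(data);
 }
@@ -185,6 +220,11 @@ namespace Learun.Application.Web.Areas.LR_SystemModule.Controllers
 /// <returns></returns>
 public ActionResult GetSqlColName(string databaseLinkId, string strSql)
 {
+var user = LoginUserInfo.Get();
+if (user.Description != "管理员")
+{
+return Fail("不允许的操作");
+}
 var data = databaseTableIBLL.GetSqlColName(databaseLinkId, strSql);
 return JsonResult(data);
 }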
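Review bot: The same five-line admin guard is pasted into eight actions of this controller (GetList through GetSqlColName), which is the kind of duplication that drifts as actions are added — a class-level action filter, or at least a private helper such as `private static bool IsAdmin() => LoginUserInfo.Get().Description == "管理员";`, keeps the policy in one place and covers any action this page does not show. Beyond the gate, GetSqlColName appears to run the client-supplied `strSql` against the chosen database link, and GetTableDataList builds a query from `field`, `logic` and `keyword`; admin-only access limits who can reach them but does not change that the server executes whatever an admin session sends, so a comment stating that these are administrative raw-query endpoints by design would help the next maintainer. `Fail("不允许的操作")` most likely yields a normal response with an error payload rather than an authorization status; if the framework offers a dedicated unauthorized result it would be clearer for clients and for log-based detection. Each hunk cuts a method that ends outside the shown lines.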


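--- a/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Application.Web/Controllers/LoginController.cs
@@ -555,7 +555,6 @@ namespace Learun.Application.Web.Controllers
 //[HandlerValidateAntiForgeryToken]
 public ActionResult CheckLogin(string username, string password, string verifycode, string up, string defaultPwdTip)
 {
-
 int error = OperatorHelper.Instance.GetCurrentErrorNum();
 if (error >= 3)
 {
@@ -634,6 +633,12 @@ namespace Learun.Application.Web.Controllers
 }
 else
 {
+var key = $"login_attempts:{GetIP()}";
+var currentAttempts = _redis.StringIncrement(key,15);
+if (currentAttempts > 10)
+{
+return Fail("登录次数10分钟超过10次,已被禁止登录,请20分钟后重试!", error);
+}
 //记录ip
 userBll.UpdateIp(GetIP(), userEntity.F_UserId);
 OperatorHelper.Instance.AddLoginUser(userEntity.F_Account, "Learun_ADMS_6.1_PC", null);//写入缓存信息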
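Review bot: The new per-IP counter in the second hunk sits in the `else` branch after the credentials have already been accepted (the following lines record the IP and add the login user), so it limits successful logins per IP rather than failed attempts, and a blocked request returns a message distinct from the wrong-password path — the response itself confirms that the submitted password was correct. Given the commit's stated concern with predictable accounts, counting successful logins per IP may be intentional, but the increment-and-check should then run before the password is verified so that no information about the credential leaks; the start of that branch is outside the hunk. The message promises a 20-minute wait while the key created by CacheByRedis.StringIncrement expires after 10 minutes, so one of the numbers is off. `GetIP()` keys both the counter and `userBll.UpdateIp`; if it honours a forwarded-for header the counter is keyed by a client-chosen value, which is worth confirming. The first hunk only drops a blank line.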


+ 1
- 4
Learun.Framework.Ultimate V7/Learun.Application.Web/Learun.Application.Web.csproj Ver arquivo

@@ -23,7 +23,7 @@
<SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir> <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\..\</SolutionDir>
<RestorePackages>true</RestorePackages> <RestorePackages>true</RestorePackages>
<UseGlobalApplicationHostFile /> <UseGlobalApplicationHostFile />
<Use64BitIISExpress />
<Use64BitIISExpress>false</Use64BitIISExpress>
<SccProjectName> <SccProjectName>
</SccProjectName> </SccProjectName>
<SccLocalPath> <SccLocalPath>
@@ -104,9 +104,6 @@
<Reference Include="Microsoft.Practices.Unity.RegistrationByConvention"> <Reference Include="Microsoft.Practices.Unity.RegistrationByConvention">
<HintPath>..\packages\Unity.4.0.1\lib\net45\Microsoft.Practices.Unity.RegistrationByConvention.dll</HintPath> <HintPath>..\packages\Unity.4.0.1\lib\net45\Microsoft.Practices.Unity.RegistrationByConvention.dll</HintPath>
</Reference> </Reference>
<Reference Include="Microsoft.QualityTools.Testing.Fakes, Version=12.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
</Reference>
<Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL"> <Reference Include="Microsoft.Web.Infrastructure, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
<HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath> <HintPath>..\packages\Microsoft.Web.Infrastructure.1.0.0.0\lib\net40\Microsoft.Web.Infrastructure.dll</HintPath>
<Private>True</Private> <Private>True</Private>


+ 1
- 1
Learun.Framework.Ultimate V7/Learun.Application.Web/Views/Login/Default.cshtml Ver arquivo

@@ -86,7 +86,7 @@
<div class="lr-login-bypsw noreg"> <div class="lr-login-bypsw noreg">
<div class="error_info">*&nbsp;<span>密码不正确</span></div> <div class="error_info">*&nbsp;<span>密码不正确</span></div>
<div class="lr-login-input"> <div class="lr-login-input">
<img class="inp_icon" src="~/Content/images/Login/default_account0.png" alt=""> <input id="lr_username" type="text" placeholder="身份证号">
<img class="inp_icon" src="~/Content/images/Login/default_account0.png" alt=""> <input id="lr_username" type="text" placeholder="身份证号/学号">
</div> </div>
<div class="lr-login-input"> <div class="lr-login-input">
<img class="inp_icon" src="~/Content/images/Login/default_psw0.png" alt=""><input id="lr_password" type="password" placeholder="密码"> <img class="inp_icon" src="~/Content/images/Login/default_psw0.png" alt=""><input id="lr_password" type="password" placeholder="密码">


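--- a/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs
+++ b/Learun.Framework.Ultimate V7/Learun.Framework.Module/Learun.Cache/Learun.Cache.Redis/CacheByRedis.cs
@@ -138,6 +138,16 @@ namespace Learun.Cache.Redis
 return new RedisCache(dbId, null).ListLength(cacheKey);
 }
 
+public double StringIncrement(string cacheKey, int dbId = 0)
+{
+var current = new RedisCache(dbId, null).StringIncrement(cacheKey);
+if (current == 1)
+{
+new RedisCache(dbId, null).KeyExpire(cacheKey, TimeSpan.FromMinutes(10));
+}
+return current;
+}
+
 #endregion 同步方法
 
 #endregion List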
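Review bot: `StringIncrement` sets the expiry only when the increment returns 1, so if the process or the connection fails between the INCR and the KeyExpire call the key is left at a positive value with no TTL, and every later call sees a counter that never resets — for the login limiter built on it that is a permanent lockout of that key. Setting the TTL after every increment, or issuing both commands as one transaction, closes the window; the former turns the limit into a sliding window, which should be stated in the method's summary. The method also constructs two `RedisCache` instances where one suffices: `var cache = new RedisCache(dbId, null);` `var current = cache.StringIncrement(cacheKey);` then `cache.KeyExpire(cacheKey, TimeSpan.FromMinutes(10));`. It is placed under the List region (`#endregion List`) although it is a string operation, and it has no XML doc comment; a summary such as `/// <summary>Increments the counter at cacheKey and gives it a 10-minute TTL on first use.</summary>` would do.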

