网安资讯详情 - SecLens 情报雷达

网安资讯,一网打尽。汇集权威漏洞通告与行业要闻,结合分组浏览、智能过滤、RSS订阅 和 Webhook 推送,多通道拓展您的安全情报视野。

SSV-99914

来源: seebug_vuldb · 抓取时间 2026-06-04 11:20 (UTC+08:00)

原文链接

摘要

漏洞概要:trojan多用户管理部署程序 Login bypass(CVE-2024-55215)

正文

trojan多用户管理部署程序 Login bypass(CVE-2024-55215) 关注 0 基本字段 漏洞编号: SSV-99914 披露/发现时间: 未知 提交时间: 2025-02-08 漏洞等级: 漏洞类别: 登录绕过 影响组件: Jrohy trojan (trojan v.2.0.0 - v.2.15.3) 漏洞作者: 未知 提交者: Knownsec CVE-ID: CVE-2024-55215 CNNVD-ID: 补充 CNVD-ID: 补充 ZoomEye Dork: 补充 来源 https://github.com/ainrm/Jrohy-trojan-unauth-poc/blob/main/README.en.md 漏洞详情 贡献者 共获得 0KB # Jrohy/trojan Unauthorized modification of administrator password [中文版本(Chinese version)](README.md) Jrohy/trojan is an open source project based on Go to automatically deploy trojan services. Its web-side initialization interface `/auth/register` failed to close properly after user configuration, allowing unauthorized visitors to directly modify the administrator password. Source Project: - https://github.com/Jrohy/trojan Affected versions: - v2.0.0 - v2.15.3 ## Vulnerability Principle Register the route and use the `updateUser` function to handle `/auth/register` requests ```go // https://github.com/Jrohy/trojan/tree/v2.15.3/web/auth.go#L155 func Auth(r *gin.Engine, timeout int) *jwt.GinJWTMiddleware { jwtInit(timeout) newInstall := gin.H{"code": 201, "message": "No administrator account found inside the database", "data": nil} r.NoRoute(authMiddleware.MiddlewareFunc(), func(c *gin.Context) { claims := jwt.ExtractClaims(c) fmt.Printf("NoRoute claims: %#v\n", claims) c.JSON(404, gin.H{"code": 404, "message": "Page not found"}) }) ... r.POST("/auth/register", updateUser) ``` Extract `password` from the request and pass it to `SetValue` ```go // https://github.com/Jrohy/trojan/tree/v2.15.3/web/auth.go#L113 func updateUser(c *gin.Context) { responseBody := controller.ResponseBody{Msg: "success"} defer controller.TimeCost(time.Now(), &responseBody) username := c.DefaultPostForm("username", "admin") pass := c.PostForm("password") err := core.SetValue(fmt.Sprintf("%s_pass", username), pass) if err != nil { responseBody.Msg = err.Error() } c.JSON(200, responseBody) } ``` Update the database and write the new password ```go // https://github.com/Jrohy/trojan/tree/v2.15.3/core/leveldb.go#L30 func SetValue(key string, value string) error { db, err := leveldb.OpenFile(dbPath, nil) if err != nil { return err } defer db.Close() return db.Put([]byte(key), []byte(value), nil) } ``` ## Proof of vulnerability ![](https://images.seebug.org/1739007570007-w331s) 共 0 兑换了 PoC 暂无 PoC 参考链接 解决方案 临时解决方案 暂无临时解决方案 官方解决方案 暂无官方解决方案 防护方案 暂无防护方案 完善解决方案 返回 提交 生命线 发现/披露了漏洞 Knownsec 2025-02-08 提交了漏洞 Knownsec 2025-02-08 提交补充了漏洞详情 相关漏洞 trojan多用户管理部署程序 Login bypass(CVE-2024-55215) 关注 0 人气 20404 0 评论前需绑定手机 现在绑定 提交评论 匿名回复 暂无评论 ※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负

标签

扩展字段

{
  "ssvid": "ssvid-99914"
}