Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

verifyPassword function can be bypass #897

Open
xzajyjs opened this issue Nov 3, 2023 · 0 comments
Open

verifyPassword function can be bypass #897

xzajyjs opened this issue Nov 3, 2023 · 0 comments

Comments

@xzajyjs
Copy link

xzajyjs commented Nov 3, 2023
edited

  • affected version: v2.0.0

config

# _config.yml
# The password verification feature of read post. To use this feature,
# activate the configuration item and write the 'password' key and Cipher in the post's Front-matter.
# Note: In order to ensure that the original password will not be leaked to the web page,
# the password of the article must be encrypted by 'SHA256' so that it will not be cracked.
# 阅读文章的密码验证功能,如要使用此功能请激活该配置项,并在对应文章的Front-matter中写上'password'的键和加密后的密文即可.
# 请注意:为了保证密码原文不会被泄露到网页中,文章的密码必须是通过'SHA256'加密的,这样就不会被破解.
verifyPassword:
  enable: true
  promptMessage: 请输入访问本文章的密码
  errorMessage: 密码错误,将返回主页!

test1

bypass

curl http://localhost:4000/2023/11/03/test/ > haha.html

test3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@xzajyjs