mizhexiaoxiao / websiteguide Goto Github PK

View Code? Open in Web Editor NEW

153.0 4.0 65.0 24.29 MB

😃企业内部网址导航系统，基于Python+Django+Vue开发，具有网址导航、网址管理、用户管理等功能

License: MIT License

Python 70.07% Shell 0.61% JavaScript 27.61% HTML 0.31% Dockerfile 1.40%

python3 vue django django-rest-framework docker website websiteguide ops ops-tools ops-admin

websiteguide's Introduction

WebsiteGuide

WebsiteGuide网址导航系统主要用于企业记录和管理内部系统地址，具有网址增删改查、icon图标替换等功能，后续考虑增加rbac和其他功能，欢迎使用和交流~

环境

Python 3.6+
Django 2.2.13
Djangorestframework 3.12.2
Node 12.20.1+
Vue 2.0

网址导航

支持批量添加

网址管理

用户管理

演示地址

导航页 http://demo.mizhexiao.top:8000/

管理后台 http://demo.mizhexiao.top:8000/admin

username：admin

password：admin@1234

快速开始

方法一：dockerhub拉取镜像

docker pull mizhexiaoxiao/websiteguide:latest 
docker run -d --restart=always --name=websiteguide -p 8000:80 mizhexiaoxiao/websiteguide

方法二：dockerfile构建镜像

docker安装(版本17.05+)

yum install -y docker-ce
systemctl start docker

构建镜像

git clone https://github.com/mizhexiaoxiao/WebDockerfile.git
cd WebDockerfile
docker build --no-cache . -t websiteguide

启动容器

docker run -d --restart=always --name=websiteguide -p 8000:80 websiteguide

访问

浏览器打开http://localhost:8000

管理后台http://localhost:8000/admin

username：admin

password：admin@1234

数据备份与恢复

备份

/usr/bin/docker cp 63dd67259f9d:/WebsiteGuide/db.sqlite3 /opt/deploy/bak/db.sqlite3

/usr/bin/docker cp 63dd67259f9d:/WebsiteGuide/websiteapp/media opt/deploy/bak/icon

恢复

/usr/bin/docker cp /opt/deploy/bak/db.sqlite3 63dd67259f9d:/WebsiteGuide/db.sqlite3

/usr/bin/docker cp /opt/deploy/bak/icon 63dd67259f9d:/WebsiteGuide/websiteapp/media

/usr/bin/docker restart 63dd67259f9d

有任何问题请提issue

websiteguide's People

Contributors

Stargazers

Watchers

websiteguide's Issues

unable to access 'https://github.com/mizhexiaoxiao/WebsiteGuide.git/

git clone 访问GitHub时，解析到的IP地址为192.30.255.113，这个地址时访问不通的。请教下如何处理，非常喜欢这个导航，希望有时间给看看，多谢多谢。

静态文件位置没设置好，dist压根就没有~~~

TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
# 'DIRS': [os.path.join(BASE_DIR, 'templates')]
'DIRS': [os.path.join(BASE_DIR, 'websitefronted/dist')] #《《《《《《《《this

[Warning] RCE in WebsiteGuide v0.2

Vulnerability Product:WebsiteGuide v0.2
Vulnerability version: 0.2
Vulnerability type: Remote Command Execute
Vulnerability Details:
Vulnerability location: Image Upload

the variable "save_path" in /websiteapp/views.py -> IconViewSet.post method, does not check the name of file user upload ,
causes "../../" such path is available
and does not check binary of the image
causes user could upload image, pycode, html and stuff

Insecure image upload could cover the original code , causes Remote Command Execute

payload : https://github.com/Leeyangee/leeya_bug/blob/main/..1..1views.py
the payload is original code at /websiteapp/views.py but add a simple function os.system() to verify rce
(this is just a simple payload , It downloading index.html from http://www.bing.com , in order to verifying the vulnerability)

Firstly , Add a website in "分组管理"

After built , visit http://localhost:8000/admin/website
click navigator "网址管理", and click "替换图标"

and click "上传图标" choose the payload (or the image you wanna upload in normal situation)
finally click "确定" to upload

in the whole period of uploading , listening network

After upload the payload , you are able to observe the HTTP request that you just uploaded in burpsuite
Send it to the repeater and replace filename ..1..1views.py to ../../views.py

and finally , click Send , send the payload you had just modified
then you can find that the original code /websiteapp/views.py has changed from

to

that means you just changed the pycode and could causes RCE vulnerability

just visit the website page to trigger the api /api/icon, you can find the index.html downloaded from http://www.bing.com at the path /websiteapp/

proved RCE

by above method, you can upload your file to every file in website or cover every file in website

discovered by leeya_bug