Coder Social home page Coder Social logo

b1ackc4t / 14finger Goto Github PK

View Code? Open in Web Editor NEW
374.0 8.0 63.0 15.07 MB

功能齐全的Web指纹识别和分享平台,基于vue3+django前后端分离的web架构,并集成了长亭出品的rad爬虫的功能,内置了一万多条互联网开源的指纹信息。

License: GNU General Public License v3.0

Python 100.00%
django python vue fingerprint

14finger's People

Contributors

b1ackc4t avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar

Forkers

kagantua harry1080 gysf666 jxpsx explangcn klinklinklin g-gini nanaao darkkid0 rabbitsafe auxiliarya bgrstar zzhsec aqimmm inknull fengzihk 7ock qiudaxia134 u1n1come faint-memory qaz7791869 thecryinggame wyzmgmdg liudeguang sms2056 savior-only crackercat wlmsx losenineai bawed lay0us lighthouse-951 keyzf caoeryeyoushang fanyibo2009 kekewind bashrc21 vipersec1 chuanwei elijahahianyo antonizhubar rassec luoxiaohu6 tz0385 ctfer-researcher riskerchan transferhhh junl9798 muyugit soevai 5l1v3r1 17603127956 muvaikas kanuthia creazygan acodervic whoiszzr jepry230 oldjing

14finger's Issues

安装好后mysql打不开,大佬求助

2023-08-12T00:57:08.929393Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2023-08-12T00:57:08.929557Z 0 [ERROR] [MY-010119] [Server] Aborting
2023-08-12T00:57:10.289360Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.15) MySQL Community Server - GPL.
2023-08-12T00:58:11.338091Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2023-08-12T00:58:11.338509Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.15) starting as process 1
2023-08-12T00:58:11.345649Z 0 [Warning] [MY-010159] [Server] Setting lower_case_table_names=2 because file system for /var/lib/mysql/ is case insensitive
2023-08-12T00:58:11.862528Z 1 [ERROR] [MY-011087] [Server] Different lower_case_table_names settings for server ('2') and data dictionary ('0').
2023-08-12T00:58:11.862716Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2023-08-12T00:58:11.862858Z 0 [ERROR] [MY-010119] [Server] Aborting
2023-08-12T00:58:13.314304Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.15) MySQL Community Server - GPL.
2023-08-12T00:59:14.264133Z 0 [Warning] [MY-011070] [Server] 'Disabling symbolic links using --skip-symbolic-links (or equivalent) is the default. Consider not using this option as it' is deprecated and will be removed in a future release.
2023-08-12T00:59:14.265313Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.15) starting as process 1
2023-08-12T00:59:14.274425Z 0 [Warning] [MY-010159] [Server] Setting lower_case_table_names=2 because file system for /var/lib/mysql/ is case insensitive
2023-08-12T00:59:14.823615Z 1 [ERROR] [MY-011087] [Server] Different lower_case_table_names settings for server ('2') and data dictionary ('0').
2023-08-12T00:59:14.823861Z 0 [ERROR] [MY-010020] [Server] Data Dictionary initialization failed.
2023-08-12T00:59:14.824070Z 0 [ERROR] [MY-010119] [Server] Aborting
2023-08-12T00:59:16.183835Z 0 [System] [MY-010910] [Server] /usr/sbin/mysqld: Shutdown complete (mysqld 8.0.15) MySQL Community Server - GPL.

image

在服务器本地使用admin也登录不了

情况时这样的,登录返回的json为404,然后web界面显示用户名或密码错误:
root@VM-8-2-debian:~/14Finger-docker# cat nginx/html/config.json
{
"BASE_URL_PROD": "http://127.0.0.1:7990",
"BASE_URL_DEV": "http://127.0.0.1:8000"

}
root@VM-8-2-debian:/14Finger-docker# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
201c912fcaf9 nginx:1.20.2 "/docker-entrypoint.…" 31 minutes ago Up 2 minutes 0.0.0.0:7990->80/tcp 14finger-docker_nginx_1
43c18f3d0250 14finger-docker_main "sh -c 'uwsgi --ini …" 31 minutes ago Up 2 minutes 8000/tcp 14finger-docker_main_1
6161e917cdff redis:7.0.4 "docker-entrypoint.s…" 31 minutes ago Up 2 minutes 14finger-docker_redis_1
77e41fa5d790 mysql:8.0.15 "docker-entrypoint.s…" 31 minutes ago Up 2 minutes 3306/tcp, 33060/tcp 14finger-docker_db_1
root@VM-8-2-debian:/14Finger-docker# curl -X POST http://127.0.0.1:7990/api/user/login
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:122.0) Gecko/20100101 Firefox/122.0'
-H 'Accept: application/json, text/plain, /'
-H 'Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2'
-H 'Accept-Encoding: gzip, deflate'
-H 'Content-Type: application/json'
-H 'Origin: http://127.0.0.1:7990'
-H 'Connection: keep-alive'
-H 'Referer: http://127.0.0.1:7990/login'
-d '{"username":"admin","password":"admin","email":null}'

<title>404 Not Found</title>

404 Not Found

nginx/1.20.2 root@VM-8-2-debian:~/14Finger-docker#

后端接口404问题

有的师傅反应后端请求接口爆出404,无法访问
docker-compose up日志里看到是有些文件权限不够
image
给够权限,解决问题

# 一般755就够了,但实际有的环境需要777暂不清楚原因
chmod -R 755 ./14Finger-docker
chmod -R 777 ./14Finger-docker

安装报错

安装时报这个错误,是网络的问题么?
3
da但是在浏览器里是可以打开这个地址的
4

I found four vulnerability related to user management authority.

Verison

master branch

Vulnerability List

The first Vulnerability :14Finger User Sensitive Information Leakage Vulnerability
The second vulnerability: 14Finger User privilege escalation vulnerability
The third vulnerability: 14Finger Arbitrary user deletion vulnerability
The fourth vulnerability: 14Finger Arbitrary User Password Reset Vulnerability

Summary:

14Finger does not strictly verify the identity permission of the current user operation, which causes the user to operate functions beyond the scope of his/her management permission, thus operating some behaviors that the user cannot operate.

Repair suggestions:

  1. API authentication
  2. principle of least privilege

For more vulnerability details, please refer to the PDF.
14Finger User Sensitive Information Leakage Vulnerability.pdf
14Finger User privilege escalation vulnerability.pdf
14Finger Arbitrary user deletion vulnerability.pdf
14Finger Arbitrary User Password Reset Vulnerability.pdf

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.