From 60c821134a0f92cfb3a10f1212be10ae92bd565f Mon Sep 17 00:00:00 2001
From: k4n5ha0 <9199771@qq.com>
Date: Tue, 3 Jan 2023 16:18:12 +0800
Subject: [PATCH] Update IDOR2.java
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
admin.无法登录 另外建议让zhangwei和admin都可以登录系统,不要写死只有admin登录 这样就可以很好的对比zhangwei不能访问这个safe/admin的url,对比越权漏洞
---
 src/main/java/com/best/hello/controller/IDOR/IDOR2.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/com/best/hello/controller/IDOR/IDOR2.java b/src/main/java/com/best/hello/controller/IDOR/IDOR2.java
index cf8d5af..3b2576a 100644
--- a/src/main/java/com/best/hello/controller/IDOR/IDOR2.java
+++ b/src/main/java/com/best/hello/controller/IDOR/IDOR2.java
@@ -23,7 +23,7 @@ public String vul() {
 // 只允许admin用户可以访问管理页面
 @GetMapping(value = "/safe/admin")
 public String safe(HttpSession session) {
- if (session.getAttribute("LoginUser").equals("admin.")) {
+ if (session.getAttribute("LoginUser").equals("admin")) {
 return "idoradmin";
 } else {
 return "commons/403";
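Review bot: The corrected check on the `+` line still calls `.equals` on the raw result of `session.getAttribute("LoginUser")`, so a session that has no `LoginUser` attribute at all (a visitor who never logged in, or whose session expired) gets a NullPointerException and a 500 from `/safe/admin` instead of the intended `commons/403`. Put the constant on the receiver side so a missing attribute falls through to the deny branch: `if ("admin".equals(session.getAttribute("LoginUser"))) {`. The authorization decision here also hinges on a username literal rather than a role or permission attribute; that is presumably deliberate for this IDOR demo, but a comment such as `// Deny-by-default: only the literal "admin" account may reach this page; no attribute => 403` above the `if` would make the intended contract explicit. The `safe` method's closing braces lie outside the hunk.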