传统运维 - chrome console js

2023-05-23

背景

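控制台前端 JS 有 bug,因此绕过前端页面,在浏览器 Console 里直接请求后端 API。由于账号已登录,请求会复用当前的登录会话(Cookie 以及 URL 里的 csrfCode),所以不需要再单独处理鉴权;这并不是绕过服务端鉴权,请求仍然以当前登录账号的身份和权限执行。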

// Inner request that the console gateway is asked to forward to the TKE
// platform API: a PATCH on one cluster's logconfig resource.
// NOTE(review): the cluster id in Path (cls-gk7n) differs from ClusterName
// (cls-gk7cmn); this may be redaction for publication. Confirm both refer to
// the same cluster before sending.
const forwardedCall = {
  Method: "PATCH",
  Path: "/apis/platform.tke/v1/clusters/cls-gk7n/logconfig?name=paas-down-gateway-access",
  Version: "2018-05-25",
  // Base64-encoded patch document (EncodedBody is true below).
  // NOTE(review): as printed, this value does not decode to an intact JSON
  // document; it appears to have been shortened or redacted. Rebuild it from
  // the real merge-patch JSON before reuse.
  RequestBody: "e3NwZWM6Y26e319IHtzcGVjOmlucHV0RGV0YWlsOmNvbnRhaW5lckZpbGU6ZXhjbHVkZU5hbWVzcGFjZTpudWxsfSB7c3BlYzppbnB1dERldGFpbDpob3N0RmlsZTpudWxsfSB7c3BlYzprYWZrYURldGFpbDpudWxsfQ==",
  EncodedBody: true,
  ContentType: "application/merge-patch+json",
  ClusterName: "cls-gk7cmn",
  Language: "zh-CN",
};

// Envelope posted to the console endpoint; `cmd` and `serviceType` repeat the
// values carried in the request URL's query string.
const requestBody = {
  regionId: 4,
  serviceType: "tke",
  cmd: "ForwardPlatformRequestV3",
  data: forwardedCall,
};

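// Sends the envelope to the console's capi endpoint as a JSON POST.
// Presumably run from DevTools on a console.cloud.tencent.com page: fetch()
// defaults to credentials "same-origin", so the logged-in session cookies are
// attached only when the page origin matches. The call is therefore
// authenticated as the current user and runs with that account's permissions.
// Client-side validation done by the UI is skipped, so check Path and the
// patch payload before issuing a PATCH against a live cluster.
// NOTE(review): t, uin, ownerUin and csrfCode in the query string look like
// values copied from a captured console request and are presumably bound to
// one account/session. Refresh them per session and avoid publishing them.
fetch('https://console.cloud.tencent.com/cgi/capi?cmd=ForwardPlatformRequestV3&action=delegate&serviceType=tke&secure=1&version=3&dictId=2006&sts=1&t=16847401079&uin=1000202318&ownerUin=1000263593&csrfCode=1767184', {
  method: 'POST',
  headers: {
    'Content-Type': 'application/json',
  },
  body: JSON.stringify(requestBody),
})
  .then((response) => {
    if (response.ok) {
      return response.json();
    }
    // Surface HTTP-level failures (expired session, rejected CSRF code, ...)
    // together with the response text instead of a confusing JSON parse error.
    return response.text().then((text) => {
      throw new Error(`capi request failed: HTTP ${response.status} ${text}`);
    });
  })
  // NOTE(review): the API may report failures inside a 200 JSON body;
  // inspect the logged result rather than assuming success.
  .then((result) => console.log(result))
  .catch((error) => console.error(error));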

标题:传统运维 - chrome console js
地址:https://blog.njqhome.com:8443/articles/2023/05/23/1684809096233.html