Key information

Vulnerability name: NutzBoot Web3j transfer endpoint allows unauthorized ETH transfers
Affected product: NutzBoot (Web3j starter + demo module)
Reporter: sh7err@vEcho
Affected / fixed versions: 2.6.0-SNAPSHOT (current dev branch); any deployment that exposes EthModule.sendTransaction
Vulnerability type: Missing authentication on financial transaction API / improper access control
Root cause: is registered at , lacks , CSRF protection, or any authorization guard, and directly signs a transaction using the locally stored account password.
Impact: An unauthenticated attacker can drain the server's configured Ethereum wallets or transfer arbitrary values to attacker-controlled addresses.

Vulnerability details and PoC

Location: GET /web3j/eth/sendTransaction/{from}/{to}?wei=

Reproduction steps:
1. Start the demo Web3j application with at least one locally configured account.
2. Issue the following request without any authentication or CSRF token:

Recommended fixes:
1. Remove this helper API from public deployments, or at minimum require strong authentication/authorization, rate limiting, and audit logging.
2. Restrict the HTTP method to POST and enforce CSRF tokens or HMAC signatures.
3. Perform server-side validation of destination addresses and introduce an approval workflow for outgoing transfers.
4. Avoid storing wallet passwords in process memory; require operators to unlock the account manually before each transfer.
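The following is an added illustration of fixes 2 through 4 applied to a Nutz MVC handler; it is not NutzBoot's own code. It assumes the standard Nutz annotations (@At, @POST, @Ok, @Param), web3j's WalletUtils and Numeric helpers, and a shared HMAC secret delivered out of band; the handler only validates and queues the transfer so that an operator unlocks and signs it manually.

```java
import org.nutz.ioc.loader.annotation.IocBean;
import org.nutz.mvc.annotation.At;
import org.nutz.mvc.annotation.Ok;
import org.nutz.mvc.annotation.POST;
import org.nutz.mvc.annotation.Param;
import org.web3j.crypto.WalletUtils;
import org.web3j.utils.Numeric;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.Set;

@IocBean
public class GuardedEthModule {
    // Placeholder secret (assumption): load it from a vault or environment, never from source.
    private static final byte[] HMAC_KEY = "REPLACE_WITH_OUT_OF_BAND_SECRET".getBytes(StandardCharsets.UTF_8);
    private static final long MAX_SKEW_MS = 60_000L;      // reject stale or replayed requests
    // Constructed allowlist standing in for the approval workflow the advisory recommends.
    private static final Set<String> APPROVED_TO = Set.of("0x0000000000000000000000000000000000000001");

    @At("/web3j/eth/sendTransaction")
    @POST                         // GET is no longer accepted, so a plain link or <img> cannot trigger it
    @Ok("json")
    public Map<String, String> sendTransaction(@Param("from") String from, @Param("to") String to,
                                               @Param("wei") String wei, @Param("ts") long ts,
                                               @Param("sig") String sig) throws Exception {
        if (Math.abs(System.currentTimeMillis() - ts) > MAX_SKEW_MS) return error("stale request");
        if (!WalletUtils.isValidAddress(from) || !WalletUtils.isValidAddress(to)) return error("bad address");
        if (!APPROVED_TO.contains(to.toLowerCase())) return error("destination not approved");
        // Signature covers every field that influences the transfer, so none can be swapped in transit.
        if (!verify(from + "|" + to + "|" + wei + "|" + ts, sig)) return error("bad signature");
        // All checks passed: queue for manual unlock and signing; no password is held in memory here.
        return Map.of("status", "queued", "from", from, "to", to, "wei", wei);
    }

    private static boolean verify(String msg, String sigHex) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(HMAC_KEY, "HmacSHA256"));
        String expected = Numeric.toHexStringNoPrefix(mac.doFinal(msg.getBytes(StandardCharsets.UTF_8)));
        byte[] got = (sigHex == null ? "" : sigHex.toLowerCase()).getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8), got); // constant-time
    }

    private static Map<String, String> error(String reason) {
        return Map.of("status", "error", "reason", reason);
    }
}
```

Every rejected request still returns a JSON body, so the same handler can feed the audit log and rate limiter recommended in fix 1.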