乌云(WooYun.org)历史漏洞查询---http://wy.zone.ci/
乌云 Drops 文章在线浏览--------http://drop.zone.ci/
2015-09-22: 积极联系厂商并且等待厂商认领中,细节不对外公开 2015-11-06: 厂商已经主动忽略漏洞,细节向公众公开
RT
商城站点越权删除漏洞,修改address_id随便看用户隐私
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36Referer: http://www.365.com/my/addressAccept-Encoding: gzip,deflate,sdchAccept-Language: zh-CN,zh;q=0.8Cookie: hub365_session=k%2F%2BkmnlRjGFsE%2BVcw2jjvFPuwt1gZ5EiLIpt0b47FP5lcT0YS%2FeDPk90hSFMuEaMqLwy33LN6gZucEk2mHuilAKKM0IVki2k0FA%2BtSYuxTiRZQy0yrUO7Gz%2B8iyrNqDf7u%2FIeE6Ll6CJSBtfQoGPeBlNX1%2FbF2OFiGhk%2FFQaoNBV4%2FSI9dXOVkEsIP%2Bk72p82rjtVmKE9okBGn0yic1SpcQeK%2FJa4Vv4Yc21cebeRSZ6neiyBhOxveqbzBXs1Tm%2BhdCoYTE2p46Y3fVi96dED9etXUglKck2SVVJ99%2FkJrlspYXtZmkbta%2FjQklL5bJ44u%2Fy0HB49PU3Z8BE4FYX0hmvPWYAHONbmA8mqljE7VQPeCQhgh5h8szb8ZHk5ABRflYVQVCPmyzOXP7SeidhgjucgCPlospoN2frclae1Zl3KkL6n1%2BLFOOC5dPe%2BChB6nza4X%2BlqeqjeZRrjoVuL%2BHOo3Tc6yMgqRPvy8XhmW6Byyf8k3HTidHutXIHJf78FUZ8w282mRY927RoU%2BgnnFfIbW82JvUDOkQY6%2BL80zCFKVO8VcrMOQB4mhTIWwJzD2anFw2GWrcF42FmCJb0gn8Rn1W7EEV62zs0enpoYksvNB%2F57zeUHKHd5wxtpYmF; __utmt=1; __utma=196659955.1578587672.1442839909.1442839909.1442839909.1; __utmb=196659955.39.10.1442839909; __utmc=196659955; __utmz=196659955.1442839909.1.1.utmcsr=baidu|utmccn=(organic)|utmcmd=organic; Hm_lvt_29dd07a8a73cf872888e406e01ee766f=1442839909; Hm_lpvt_29dd07a8a73cf872888e406e01ee766f=1442841138
在收货地址处能够越权删除用户地址我注册了一个账号,随意添加了一个收货地址在修改的时候抓包得到id,我们记录下
把注册的用户address_id修改成111
用户信息泄露
替换到原id
控制权限,权限限制,token验证
未能联系到厂商或者厂商积极拒绝
