ShopEx4. 8 5 vulnerability the shipping address can be any view modify delete a-vulnerability warning-the black bar safety net

2012-10-26T00:00:00
ID MYHACK58:62201235312
Type myhack58
Reporter 佚名
Modified 2012-10-26T00:00:00

Description

Ordinary members, after logging in, by a maliciously constructed URL can be achieved for the entire site shipping address to view, modify, and delete.

Causing the user sensitive privacy leak and website, unnecessary losses.

Detailed description:

core/shop/controller/ctl. member. php file

//Modify the shipping address

function modifyReceiver($addrId){

$oMem = &$this->system->loadModel(‘member/member’);

if($aRet = $oMem->getAddrById($addrId)){

$aRet['defOpt'] = array('0'=>('no'), '1'=>('Yes'));

$this->pagedata = $aRet;

}else{

$this->system->error(4 0 4);

exit;

}

$this->_output();

}

function saveRec(){

$this->begin($this->system->mkUrl(‘member’,'modifyReceiver’,array($_POST['addr_id'])));

$oMem = &$this->system->loadModel(‘member/member’);

if($oMem->saveRec($_POST,$this->member['member_id'],$message)){

$this->redirect(‘member’,'receiver’);

}

trigger_error($message, E_USER_ERROR);

$this->end(false,__(‘modify failed’),$this->system->mkUrl(‘member’,'modifyReceiver’,array($_POST['addr_id'])));

}

[1] [2] [3] [4] next