ShopEx 4.8.5 vulnerability: shipping addresses can be arbitrarily viewed, modified and deleted - vulnerability warning - the black bar safety net

ID MYHACK58:62201235312
Type myhack58
Reporter Anonymous
Modified 2012-10-26T00:00:00


An ordinary member, once logged in, can view, modify and delete the shipping addresses of every user on the site by requesting a maliciously constructed URL: the address is selected by its id alone, with no check that it belongs to the logged-in member.

This leaks users' sensitive personal data and exposes the site to unnecessary losses.

Detailed description:

core/shop/controller/ctl.member.php file

//Modify the shipping address
function modifyReceiver($addrId){
    $oMem = &$this->system->loadModel('member/member');
    // The address is fetched by id only; the current member's id is never
    // compared with the owner of the address, so any addr_id can be viewed.
    if($aRet = $oMem->getAddrById($addrId)){
        $aRet['defOpt'] = array('0' => 'no', '1' => 'Yes');
        $this->pagedata = $aRet;
    }else{
        $this->system->error(404);
    }
}

function saveRec(){
    $oMem = &$this->system->loadModel('member/member');
    // ... the save itself is elided in the original; it is keyed on
    // $_POST['addr_id'], again with no ownership check, so the failure
    // branch below is the only path that is shown ...
    trigger_error($message, E_USER_ERROR);
    $this->end(false, __('modify failed'), $this->system->mkUrl('member', 'modifyReceiver', array($_POST['addr_id'])));
}
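An added example, not ShopEx's own code, showing the ownership check that the controller lacks: the lookup takes the session's member id together with the address id, and both the view path and the save path reject an id that belongs to another member. The `$addresses` table, `getOwnedAddr` and `saveOwnedAddr` are constructed for this example; `getAddrById` only mirrors the page's call as a stand-in.

```php
<?php
// Constructed sample data standing in for the member address table.
// Each row records which member owns the address.
$addresses = array(
    11 => array('addr_id' => 11, 'member_id' => 1, 'name' => 'Alice', 'addr' => '1 Main St'),
    12 => array('addr_id' => 12, 'member_id' => 2, 'name' => 'Bob',   'addr' => '9 Elm Rd'),
);

// Vulnerable pattern (as in ctl.member.php): the row is selected by addr_id
// alone, so any logged-in member reaches any address by changing the id.
function getAddrById(array $table, $addrId) {
    return isset($table[$addrId]) ? $table[$addrId] : null;
}

// Hardened lookup: the owner is part of the key. A row that exists but
// belongs to someone else is treated exactly like a missing row (404),
// so the response does not confirm that the id is valid.
function getOwnedAddr(array $table, $memberId, $addrId) {
    $addrId = (int) $addrId;            // never trust the type of a URL/POST value
    if (!isset($table[$addrId])) {
        return null;
    }
    $row = $table[$addrId];
    return ($row['member_id'] === (int) $memberId) ? $row : null;
}

// Hardened save (the saveRec path): the same check guards the write, using
// the member id from the session, never one supplied in $_POST.
function saveOwnedAddr(array &$table, $memberId, array $post) {
    $row = getOwnedAddr($table, $memberId, $post['addr_id']);
    if ($row === null) {
        return false;                   // "modify failed": missing or not owned
    }
    $row['name'] = $post['name'];
    $row['addr'] = $post['addr'];
    $table[$row['addr_id']] = $row;
    return true;
}

// Member 1 (Alice) requesting Bob's address id 12: the vulnerable lookup
// hands back the row, the hardened lookup and save both refuse it, while
// Alice's own address id 11 still saves normally.
$leaked   = getAddrById($addresses, 12);
$blocked  = getOwnedAddr($addresses, 1, 12);
$refused  = saveOwnedAddr($addresses, 1, array('addr_id' => 12, 'name' => 'X', 'addr' => 'Y'));
$accepted = saveOwnedAddr($addresses, 1, array('addr_id' => 11, 'name' => 'Alice', 'addr' => '2 Main St'));
var_dump($leaked !== null, $blocked, $refused, $accepted);
```

In the real controller the session member id would replace the literal `1`, and the ownership condition belongs in the SQL `WHERE` clause of the model's address query so that every caller inherits it.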


