Alibaba Cloud pay-as-you-go payment logic vulnerability (a super host on the cheap) - vulnerability warning

ID MYHACK58:62201339434
Type myhack58
Reporter Anonymous
Modified 2013-06-29T00:00:00


Description:

The purchase logic for Alibaba Cloud hosts is not strictly designed: the base64-encoded data can be tampered with, and the back end accepts the tampered data, so a super host can be forged. A host that should cost 20158 yuan/month costs only 936 yuan/month (see Figure).


With monthly billing, the same configuration costs more than 20,000 yuan.

Repair solutions:

  1. The back end should validate that the bandwidth is consistent with the value range offered on the page;

  2. Enable real-name authentication, so that when someone like the finder of this hole appears, that person can be held liable.
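
A minimal sketch of the first fix, added here as an example and not taken from the original report or from Alibaba Cloud: the back end decodes the base64 order data, checks every field against its own allowed ranges, and computes the price itself. The field names, ranges and unit prices are assumptions constructed for illustration.

```python
import base64
import binascii
import json

# Hypothetical server-side catalogue: allowed range and unit price per field.
# All names and numbers are constructed for illustration.
CATALOGUE = {
    "cpu_cores":      {"min": 1, "max": 16,  "unit_price": 30},
    "memory_gb":      {"min": 1, "max": 64,  "unit_price": 20},
    "bandwidth_mbps": {"min": 0, "max": 200, "unit_price": 25},
}


class OrderRejected(ValueError):
    """Raised when a submitted order fails server-side validation."""


def decode_order(blob: str) -> dict:
    """Decode the client blob. Base64 is an encoding, not integrity protection."""
    try:
        order = json.loads(base64.b64decode(blob, validate=True))
    except (binascii.Error, ValueError) as exc:
        raise OrderRejected("malformed order payload") from exc
    if not isinstance(order, dict):
        raise OrderRejected("order must be a JSON object")
    return order


def price_order(blob: str) -> int:
    """Validate every field against the catalogue and price it server-side."""
    order = decode_order(blob)
    total = 0
    for field, rule in CATALOGUE.items():
        value = order.get(field)
        # bool is a subclass of int in Python, so exclude it explicitly.
        if not isinstance(value, int) or isinstance(value, bool):
            raise OrderRejected(f"{field}: missing or not an integer")
        if not rule["min"] <= value <= rule["max"]:
            raise OrderRejected(f"{field}: {value} outside {rule['min']}..{rule['max']}")
        total += value * rule["unit_price"]
    # Any client-supplied "price" field is ignored; only this total is billed.
    return total


def encode(order: dict) -> str:
    """Build a constructed sample payload the way a client page would."""
    return base64.b64encode(json.dumps(order).encode()).decode()
```
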