某CMS存在越权漏洞(任意用户信息修改)

2015-04-13T00:00:00
ID SSV:94125
Type seebug
Reporter Root
Modified 2015-04-13T00:00:00

Description

简要描述:

某CMS存在越权漏洞(任意用户信息修改)

详细说明:

账号A uid=726

<img src="https://images.seebug.org/upload/201504/072236268427943f23587fbd37ba93ba9b2e0347.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">

账号B uid=727

<img src="https://images.seebug.org/upload/201504/0722363756a38e431bcb1a1da23429da72133448.png" alt="2.png" width="600" onerror="javascript:errimg(this);">

越权修改账号A uid=726 的信息

<img src="https://images.seebug.org/upload/201504/0722365616dceb0e17ab232df9abe6ef0635cb6d.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">

成功修改

<img src="https://images.seebug.org/upload/201504/072237067fb021ae0afd2ad6a94950994ee742de.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">

ok http://demo2.74cms.com/ demo演示站点2也存在说明存在漏洞了

漏洞证明:

账号A uid=726

<img src="https://images.seebug.org/upload/201504/072236268427943f23587fbd37ba93ba9b2e0347.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">

账号B uid=727

<img src="https://images.seebug.org/upload/201504/0722363756a38e431bcb1a1da23429da72133448.png" alt="2.png" width="600" onerror="javascript:errimg(this);">

越权修改账号A uid=726 的信息

<img src="https://images.seebug.org/upload/201504/0722365616dceb0e17ab232df9abe6ef0635cb6d.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">

成功修改

<img src="https://images.seebug.org/upload/201504/072237067fb021ae0afd2ad6a94950994ee742de.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">

ok http://demo2.74cms.com/ demo演示站点2也存在说明存在漏洞了