ThinkSAAS平衡权限漏洞二

2015-03-11T00:00:00
ID SSV:94317
Type seebug
Reporter Root
Modified 2015-03-11T00:00:00

Description

简要描述:

权限控制..

详细说明:

官网最新版存在平衡权限漏洞,进入用户自己的空间,修改基本信息:

<img src="https://images.seebug.org/upload/201503/102037314e3b2a48eee35a1fe3b71af5a87e29a0.png" alt="F5VTBBSS6U_R4M)%N3SSEKB.png" width="600" onerror="javascript:errimg(this);">

添加“个人标签”,抓包,改包:

<img src="https://images.seebug.org/upload/201503/10204610cf0fb56528f2334aae9ad0e0210e29b7.png" alt="FF(KAM%GJAIZ04IQK`J0}J0.png" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201503/102047321a5ef5d84348f2f6523eba921fad3a5b.png" alt="9KG)TQ}R%4VEEOQX$$8XJB7.png" width="600" onerror="javascript:errimg(this);">

将objid修改为1,1是admin用户ID 登入admin查看个人标签:

[<img src="https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.png" alt="RM}QBSB37G4{2D%E_PYBYQ.png" width="600" onerror="javascript:errimg(this);">

admin1的标签已经成了admin的标签....

漏洞证明:

[<img src="https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.png" alt="RM}QBSB37G4{2D%E_PYBYQ.png" width="600" onerror="javascript:errimg(this);">