Description
### Brief description:
TCCMS V8.0 has a broken access control vulnerability (modification of arbitrary users' information).
### Details:
Test account A: snake, password 123123
Test account B: heise, password 123123
Account A: id=659
[![1.jpg](https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg)](https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg)
Account B: id=660
[![2.jpg](https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg)](https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg)
Modifying account A's information without authorization:
[![3.png](https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png)](https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png)
Modification succeeded:
[![4.png](https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png)](https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png)
{"type": "seebug", "lastseen": "2017-11-19T12:33:11", "href": "https://www.seebug.org/vuldb/ssvid-95052", "cvss": {"score": 0.0, "vector": "NONE"}, "modified": "2015-04-09T00:00:00", "reporter": "Root", "description": "### \u7b80\u8981\u63cf\u8ff0\uff1a\n\nTCCMS V8.0\u5b58\u5728\u8d8a\u6743\u6f0f\u6d1e(\u4efb\u610f\u7528\u6237\u4fe1\u606f\u4fee\u6539)\n\n### \u8be6\u7ec6\u8bf4\u660e\uff1a\n\n\u6d4b\u8bd5\u8d26\u53f7A snake \u5bc6\u7801123123\n\u6d4b\u8bd5\u8d26\u53f7B heise \u5bc6\u7801123123\n\u8d26\u53f7A id=659 \n\n\n[<img src=\"https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg\" alt=\"1.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg)\n\n\n\u8d26\u53f7B id=660\n\n\n[<img src=\"https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg\" alt=\"2.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg)\n\n\n\u8d8a\u6743\u4fee\u6539\u8d26\u53f7A\u7684\u4fe1\u606f \n\n\n[<img src=\"https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png\" alt=\"3.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png)\n\n\n\u6210\u529f\u4fee\u6539\n\n\n[<img src=\"https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png\" alt=\"4.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png)\n\n\n \n\n### \u6f0f\u6d1e\u8bc1\u660e\uff1a\n\n\u6d4b\u8bd5\u8d26\u53f7A snake \u5bc6\u7801123123\n\u6d4b\u8bd5\u8d26\u53f7B heise \u5bc6\u7801123123\n\u8d26\u53f7A id=659 \n\n\n[<img src=\"https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg\" alt=\"1.jpg\" width=\"600\" 
onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg)\n\n\n\u8d26\u53f7B id=660\n\n\n[<img src=\"https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg\" alt=\"2.jpg\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg)\n\n\n\u8d8a\u6743\u4fee\u6539\u8d26\u53f7A\u7684\u4fe1\u606f \n\n\n[<img src=\"https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png\" alt=\"3.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png)\n\n\n\u6210\u529f\u4fee\u6539\n\n\n[<img src=\"https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png\" alt=\"4.png\" width=\"600\" onerror=\"javascript:errimg(this);\">](https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png)", "bulletinFamily": "exploit", "references": [], "viewCount": 4, "status": "details", "sourceHref": "", "cvelist": [], "enchantments_done": [], "title": "\u67d0CMS\u5b58\u5728\u8d8a\u6743\u6f0f\u6d1e(\u4efb\u610f\u7528\u6237\u4fe1\u606f\u4fee\u6539)", "id": "SSV:95052", "sourceData": "", "published": "2015-04-09T00:00:00", "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645250222, "score": 1659785532, "epss": 1678848988}}
{}