某CMS存在越权漏洞(任意用户信息修改)

2015-04-09T00:00:00
ID SSV:95052
Type seebug
Reporter Root
Modified 2015-04-09T00:00:00

Description

简要描述:

TCCMS V8.0存在越权漏洞(任意用户信息修改)

详细说明:

测试账号A snake 密码123123 测试账号B heise 密码123123 账号A id=659

<img src="https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">

账号B id=660

<img src="https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">

越权修改账号A的信息

<img src="https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png" alt="3.png" width="600" onerror="javascript:errimg(this);">

成功修改

<img src="https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png" alt="4.png" width="600" onerror="javascript:errimg(this);">

漏洞证明:

测试账号A snake 密码123123 测试账号B heise 密码123123 账号A id=659

<img src="https://images.seebug.org/upload/201504/0716345166e8ad565b3dd978d78f525300bded39.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">

账号B id=660

<img src="https://images.seebug.org/upload/201504/071634583572cf82f9e8f5da9aa5bc8b6d0d7df9.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">

越权修改账号A的信息

<img src="https://images.seebug.org/upload/201504/07163505ae2418e0b09e59b94d5be9ba1dca27cf.png" alt="3.png" width="600" onerror="javascript:errimg(this);">

成功修改

<img src="https://images.seebug.org/upload/201504/071635136697f43c83a7ec90785017e0f51d83c6.png" alt="4.png" width="600" onerror="javascript:errimg(this);">