VULHUB ™

### 简要描述： phpok企业建站系统(越权修改任意用户收货地址) ### 详细说明： 1.来到个人中心收货地址添加后编辑抓包 [<img src="https://images.seebug.org/upload/201511/092001035597bd02eabd786a7b223f50d2f42e96.png" alt="·1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092001035597bd02eabd786a7b223f50d2f42e96.png) 2.id地址是23这个 [<img src="https://images.seebug.org/upload/201511/092002169cefa0a7285ab07de0090775b6df3ea2.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092002169cefa0a7285ab07de0090775b6df3ea2.png) 3.登录账号二同样操作 [<img src="https://images.seebug.org/upload/201511/09200442cec4f897c2adfd70619258ff7da50c6e.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/09200442cec4f897c2adfd70619258ff7da50c6e.jpg) [<img src="https://images.seebug.org/upload/201511/092004474e828c630ac33ccecdd6287326e53cbf.png" alt="4.png" width="600"...

### 简要描述： phpok企业建站系统(越权修改任意用户收货地址) ### 详细说明： 1.来到个人中心收货地址添加后编辑抓包 [<img src="https://images.seebug.org/upload/201511/092001035597bd02eabd786a7b223f50d2f42e96.png" alt="·1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092001035597bd02eabd786a7b223f50d2f42e96.png) 2.id地址是23这个 [<img src="https://images.seebug.org/upload/201511/092002169cefa0a7285ab07de0090775b6df3ea2.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092002169cefa0a7285ab07de0090775b6df3ea2.png) 3.登录账号二同样操作 [<img src="https://images.seebug.org/upload/201511/09200442cec4f897c2adfd70619258ff7da50c6e.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/09200442cec4f897c2adfd70619258ff7da50c6e.jpg) [<img src="https://images.seebug.org/upload/201511/092004474e828c630ac33ccecdd6287326e53cbf.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092004474e828c630ac33ccecdd6287326e53cbf.png) 4.账号一包处修改为账号二 [<img src="https://images.seebug.org/upload/201511/092006160a465197cf7e48f63e04752d9c658c73.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092006160a465197cf7e48f63e04752d9c658c73.png) 5.成功修改 [<img src="https://images.seebug.org/upload/201511/0920063754939738cf5f2b22ea26d1a08003f88b.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/0920063754939738cf5f2b22ea26d1a08003f88b.png) 局域网内2台电脑测试过哦嘿嘿 ### 漏洞证明： 1.来到个人中心收货地址添加后编辑抓包 [<img src="https://images.seebug.org/upload/201511/092001035597bd02eabd786a7b223f50d2f42e96.png" alt="·1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092001035597bd02eabd786a7b223f50d2f42e96.png) 2.id地址是23这个 [<img src="https://images.seebug.org/upload/201511/092002169cefa0a7285ab07de0090775b6df3ea2.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092002169cefa0a7285ab07de0090775b6df3ea2.png) 3.登录账号二同样操作 [<img src="https://images.seebug.org/upload/201511/09200442cec4f897c2adfd70619258ff7da50c6e.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/09200442cec4f897c2adfd70619258ff7da50c6e.jpg) [<img src="https://images.seebug.org/upload/201511/092004474e828c630ac33ccecdd6287326e53cbf.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092004474e828c630ac33ccecdd6287326e53cbf.png) 4.账号一包处修改为账号二 [<img src="https://images.seebug.org/upload/201511/092006160a465197cf7e48f63e04752d9c658c73.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/092006160a465197cf7e48f63e04752d9c658c73.png) 5.成功修改 [<img src="https://images.seebug.org/upload/201511/0920063754939738cf5f2b22ea26d1a08003f88b.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/0920063754939738cf5f2b22ea26d1a08003f88b.png) 局域网内2台电脑测试过哦嘿嘿