VULHUB ™

### 简要描述： 11 ### 详细说明： [<img src="https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png) [<img src="https://images.seebug.org/upload/201505/022224315f5813f8a8bb2d801efbd44a9c0d9f75.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/022224315f5813f8a8bb2d801efbd44a9c0d9f75.png) [<img src="https://images.seebug.org/upload/201505/022224384101fb0fe9273f556d0a07c2ec09e471.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/022224384101fb0fe9273f556d0a07c2ec09e471.png) 可以看到图，、test1的收藏本来是“2”个 后来test6删除完，修改ID放包过去，那个test1的“2”变成了“1” ### 漏洞证明： [<img src="https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png" alt="4.png" width="600"...

### 简要描述： 11 ### 详细说明： [<img src="https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png) [<img src="https://images.seebug.org/upload/201505/022224315f5813f8a8bb2d801efbd44a9c0d9f75.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/022224315f5813f8a8bb2d801efbd44a9c0d9f75.png) [<img src="https://images.seebug.org/upload/201505/022224384101fb0fe9273f556d0a07c2ec09e471.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/022224384101fb0fe9273f556d0a07c2ec09e471.png) 可以看到图，、test1的收藏本来是“2”个 后来test6删除完，修改ID放包过去，那个test1的“2”变成了“1” ### 漏洞证明： [<img src="https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/02222419fe3c21c5992334c396d3d42625e5694f.png) [<img src="https://images.seebug.org/upload/201505/022224315f5813f8a8bb2d801efbd44a9c0d9f75.png" alt="5.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/022224315f5813f8a8bb2d801efbd44a9c0d9f75.png) [<img src="https://images.seebug.org/upload/201505/022224384101fb0fe9273f556d0a07c2ec09e471.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201505/022224384101fb0fe9273f556d0a07c2ec09e471.png) 可以看到图，、test1的收藏本来是“2”个 后来test6删除完，修改ID放包过去，那个test1的“2”变成了“1”