|CuuMall免费开源商城系统2处越权漏洞(demo演示)

CuuMall免费开源商城系统2处越权漏洞(demo演示)

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述： CuuMall免费开源商城系统存在越权漏洞2处(任意用户信息修改) ### 详细说明：一处是个人档案账号A uid=764 [<img src="https://images.seebug.org/upload/201504/062228099b71ce92b59b188e543bc2a4ce06f930.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/062228099b71ce92b59b188e543bc2a4ce06f930.png) 账号B uid=765 [<img src="https://images.seebug.org/upload/201504/06222852af6f094a462e2ecf935fd5a70ef1c6c3.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06222852af6f094a462e2ecf935fd5a70ef1c6c3.jpg) 越权修改账号A uid=764的信息 [<img src="https://images.seebug.org/upload/201504/0622293541780d4d330603b76c364727df105324.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0622293541780d4d330603b76c364727df105324.jpg) 成功修改哦 [<img src="https://images.seebug.org/upload/201504/06222946859f248ea046427ac3b5ba6ff5617356.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06222946859f248ea046427ac3b5ba6ff5617356.png) 另一处是收货地址 heise账号A id是364 [<img src="https://images.seebug.org/upload/201504/06224232d9513d66fd1677f2be43ed080d7a4fda.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06224232d9513d66fd1677f2be43ed080d7a4fda.jpg) snake账号B id是 363 [<img src="https://images.seebug.org/upload/201504/0622430849180af9fc2dd32e34c13ca456bd9ce3.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0622430849180af9fc2dd32e34c13ca456bd9ce3.jpg) 下面越权修改id是364的收货地址 [<img src="https://images.seebug.org/upload/201504/062243519efd1a089f57141df31848f52d015b88.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/062243519efd1a089f57141df31848f52d015b88.jpg) 成功修改 [<img src="https://images.seebug.org/upload/201504/0622441962d7d943e2bc527af83013f03b765f00.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0622441962d7d943e2bc527af83013f03b765f00.png) http://chognqingyiwu.com 这个网站也是CuuMall免费开源商城系统也存在 ### 漏洞证明：一处是个人档案账号A uid=764 [<img src="https://images.seebug.org/upload/201504/062228099b71ce92b59b188e543bc2a4ce06f930.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/062228099b71ce92b59b188e543bc2a4ce06f930.png) 账号B uid=765 [<img src="https://images.seebug.org/upload/201504/06222852af6f094a462e2ecf935fd5a70ef1c6c3.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06222852af6f094a462e2ecf935fd5a70ef1c6c3.jpg) 越权修改账号A uid=764的信息 [<img src="https://images.seebug.org/upload/201504/0622293541780d4d330603b76c364727df105324.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0622293541780d4d330603b76c364727df105324.jpg) 成功修改哦 [<img src="https://images.seebug.org/upload/201504/06222946859f248ea046427ac3b5ba6ff5617356.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06222946859f248ea046427ac3b5ba6ff5617356.png) 另一处是收货地址 heise账号A id是364 [<img src="https://images.seebug.org/upload/201504/06224232d9513d66fd1677f2be43ed080d7a4fda.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06224232d9513d66fd1677f2be43ed080d7a4fda.jpg) snake账号B id是 363 [<img src="https://images.seebug.org/upload/201504/0622430849180af9fc2dd32e34c13ca456bd9ce3.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0622430849180af9fc2dd32e34c13ca456bd9ce3.jpg) 下面越权修改id是364的收货地址 [<img src="https://images.seebug.org/upload/201504/062243519efd1a089f57141df31848f52d015b88.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/062243519efd1a089f57141df31848f52d015b88.jpg) 成功修改 [<img src="https://images.seebug.org/upload/201504/0622441962d7d943e2bc527af83013f03b765f00.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0622441962d7d943e2bc527af83013f03b765f00.png) http://chognqingyiwu.com 这个网站也是CuuMall免费开源商城系统也存在

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™