VULHUB ™

### 简要描述： 某在线考试系统存在越权操作(demo演示) ### 详细说明： 测试账号A snake 密码 123123 测试账号B heise 密码123123 账号A uid 975 [<img src="https://images.seebug.org/upload/201504/060238428085b116b7a9323d8437dc6571d84132.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060238428085b116b7a9323d8437dc6571d84132.jpg) 账号B uid 976 [<img src="https://images.seebug.org/upload/201504/060238498fd3bbb5670edec54e2a94ef6a39f13b.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060238498fd3bbb5670edec54e2a94ef6a39f13b.jpg) 增加975的收货地址 <img src="https://images.seebug.org/upload/201504/06023922cf044482603e14c03d1846575a65170d.jpg" alt="3.jpg" ok成功 [<img src="https://images.seebug.org/upload/201504/060239389a1960fd10ac65f876878bc247b60bd3.png" alt="54.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060239389a1960fd10ac65f876878bc247b60bd3.png) ### 漏洞证明： 测试账号A snake 密码...

### 简要描述： 某在线考试系统存在越权操作(demo演示) ### 详细说明： 测试账号A snake 密码 123123 测试账号B heise 密码123123 账号A uid 975 [<img src="https://images.seebug.org/upload/201504/060238428085b116b7a9323d8437dc6571d84132.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060238428085b116b7a9323d8437dc6571d84132.jpg) 账号B uid 976 [<img src="https://images.seebug.org/upload/201504/060238498fd3bbb5670edec54e2a94ef6a39f13b.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060238498fd3bbb5670edec54e2a94ef6a39f13b.jpg) 增加975的收货地址 <img src="https://images.seebug.org/upload/201504/06023922cf044482603e14c03d1846575a65170d.jpg" alt="3.jpg" ok成功 [<img src="https://images.seebug.org/upload/201504/060239389a1960fd10ac65f876878bc247b60bd3.png" alt="54.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060239389a1960fd10ac65f876878bc247b60bd3.png) ### 漏洞证明： 测试账号A snake 密码 123123 测试账号B heise 密码123123 账号A uid 975 [<img src="https://images.seebug.org/upload/201504/060238428085b116b7a9323d8437dc6571d84132.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060238428085b116b7a9323d8437dc6571d84132.jpg) 账号B uid 976 [<img src="https://images.seebug.org/upload/201504/060238498fd3bbb5670edec54e2a94ef6a39f13b.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060238498fd3bbb5670edec54e2a94ef6a39f13b.jpg) 增加975的收货地址 [<img src="https://images.seebug.org/upload/201504/06023922cf044482603e14c03d1846575a65170d.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/06023922cf044482603e14c03d1846575a65170d.jpg) ok成功 [<img src="https://images.seebug.org/upload/201504/060239389a1960fd10ac65f876878bc247b60bd3.png" alt="54.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/060239389a1960fd10ac65f876878bc247b60bd3.png)