VULHUB ™

### 简要描述： 权限控制.. ### 详细说明： 官网最新版存在平衡权限漏洞，进入用户自己的空间，修改基本信息： [<img src="https://images.seebug.org/upload/201503/102037314e3b2a48eee35a1fe3b71af5a87e29a0.png" alt="F5VTBBSS6U_R4M)%N3SSEKB.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/102037314e3b2a48eee35a1fe3b71af5a87e29a0.png) 添加“个人标签”，抓包，改包: [<img src="https://images.seebug.org/upload/201503/10204610cf0fb56528f2334aae9ad0e0210e29b7.png" alt="FF(KAM%GJAIZ04IQK`J0}J0.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/10204610cf0fb56528f2334aae9ad0e0210e29b7.png) [<img src="https://images.seebug.org/upload/201503/102047321a5ef5d84348f2f6523eba921fad3a5b.png" alt="9KG)TQ}R%4VEEOQX$$8XJB7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/102047321a5ef5d84348f2f6523eba921fad3a5b.png) 将objid修改为1，1是admin用户ID 登入admin查看个人标签： [<img...

### 简要描述： 权限控制.. ### 详细说明： 官网最新版存在平衡权限漏洞，进入用户自己的空间，修改基本信息： [<img src="https://images.seebug.org/upload/201503/102037314e3b2a48eee35a1fe3b71af5a87e29a0.png" alt="F5VTBBSS6U_R4M)%N3SSEKB.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/102037314e3b2a48eee35a1fe3b71af5a87e29a0.png) 添加“个人标签”，抓包，改包: [<img src="https://images.seebug.org/upload/201503/10204610cf0fb56528f2334aae9ad0e0210e29b7.png" alt="FF(KAM%GJAIZ04IQK`J0}J0.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/10204610cf0fb56528f2334aae9ad0e0210e29b7.png) [<img src="https://images.seebug.org/upload/201503/102047321a5ef5d84348f2f6523eba921fad3a5b.png" alt="9KG)TQ}R%4VEEOQX$$8XJB7.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/102047321a5ef5d84348f2f6523eba921fad3a5b.png) 将objid修改为1，1是admin用户ID 登入admin查看个人标签： [<img src="https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.png" alt="RM}QBSB37G4{2[D%E_PYBYQ.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.png) admin1的标签已经成了admin的标签.... ### 漏洞证明： [<img src="https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.png" alt="RM}QBSB37G4{2[D%E_PYBYQ.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/10204855f2f51b9f73e4b6fcb7dbcd388a566d28.png)