### Brief description:

Generic

### Details:

Broken access control (unauthorized access) vulnerability

### Proof of vulnerability:

![QQ截图20150208212633.jpg](https://images.seebug.org/upload/201502/08214619b2199bb08023f4ef8c6c39f8f42d003a.jpg)

![QQ截图20150208212655.jpg](https://images.seebug.org/upload/201502/08214626b25cbc373756ac4538aa3d8c983b7afb.jpg)

Account A and account B.

![QQ截图20150208212729.jpg](https://images.seebug.org/upload/201502/082146472e7b16fd543112fd8a22cb3e8002791d.jpg)

While logged in as account A, intercept the edit request, then change the ID to account B's ID; enumerating IDs works as well.

![QQ截图20150208212751.jpg](https://images.seebug.org/upload/201502/08214715c28808bea58c643fdc3877657d5699d3.jpg)

Looking back afterwards, account A has gained one extra record,

![QQ截图20150208212821.jpg](https://images.seebug.org/upload/201502/0821473127bea0a7b625215efd18d084bdc8692c.jpg)

while account B's record has been deleted. If we enumerate the IDs, the records of the whole site can be deleted.
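One server-side pattern that would produce the behaviour shown above (the record leaves account B and appears under account A), next to the ownership check that prevents it. This is an added example, not code from the affected application; the `profiles` table, its columns and the function names are assumptions, and the rows are constructed sample data.

```python
import sqlite3

def make_db():
    """Constructed sample data: record 1 belongs to A, record 2 to B."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO profiles VALUES (?, ?, ?)",
                   [(1, "A", "A's data"), (2, "B", "B's data")])
    return db

def save_vulnerable(db, session_user, record_id, body):
    """Assumed flaw: the row is selected by the client-supplied id alone,
    and the owner column is rewritten from the session."""
    cur = db.execute("UPDATE profiles SET owner = ?, body = ? WHERE id = ?",
                     (session_user, body, record_id))
    return cur.rowcount == 1

def save_hardened(db, session_user, record_id, body):
    """Fix: the session user must already own the row; owner is never rewritten."""
    cur = db.execute("UPDATE profiles SET body = ? WHERE id = ? AND owner = ?",
                     (body, record_id, session_user))
    return cur.rowcount == 1  # False: respond 403/404 and log the attempt

def owned_ids(db, user):
    """Record ids currently owned by the given user."""
    return [r[0] for r in db.execute(
        "SELECT id FROM profiles WHERE owner = ? ORDER BY id", (user,))]

def demo():
    """Replay the same request (A's session, B's record id) against both handlers."""
    results = {}
    for name, save in (("vulnerable", save_vulnerable), ("hardened", save_hardened)):
        db = make_db()
        ok = save(db, "A", 2, "edited")
        results[name] = (ok, owned_ids(db, "A"), owned_ids(db, "B"))
    return results

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

A run of rejected saves from one session across many different record ids is the signal to alert on, since the report notes that IDs can simply be enumerated.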