ShopEx收货地址可任意查看修改删除

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 普通会员登录网站后,通过恶意构造的URL可以实现对整个网站的收货地址查看、修改、和删除。 造成用户敏感隐私泄漏和网站不必要的损失。 ### 详细说明: core/shop/controller/ctl.member.php文件 ``` //修改收货地址 function modifyReceiver($addrId){ $oMem = &$this->system->loadModel('member/member'); if($aRet = $oMem->getAddrById($addrId)){ $aRet['defOpt'] = array('0'=>__('否'), '1'=>__('是')); $this->pagedata = $aRet; }else{ $this->system->error(404); exit; } $this->_output(); } function saveRec(){ $this->begin($this->system->mkUrl('member','modifyReceiver',array($_POST['addr_id']))); $oMem = &$this->system->loadModel('member/member'); if($oMem->saveRec($_POST,$this->member['member_id'],$message)){ $this->redirect('member','receiver'); } trigger_error($message, E_USER_ERROR); $this->end(false,__('修改失败'),$this->system->mkUrl('member','modifyReceiver',array($_POST['addr_id']))); } //删除收货地址 function delRec($addrId){ $oMem = &$this->system->loadModel('member/member'); if($oMem->delRec($addrId)){ $this->redirect('member','receiver'); } $this->_output(); } ```...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息