BaijiacmsV3 information disclosure
Information leakage caused by improper access control (https://github.com/baijiacms/baijiacmsV3)
A store must first be added in the admin back end. After the domain name is configured, visit the store home page.
The user's delivery (receiving) address information is leaked.
Example: "http://127.0.0.1/baijiacmsV3-master/index.php?mod=mobile&name=shopwap&do=myorder&op=detail&orderid=3&beid=2"
Response: {"message":{"id":"1","realname":"zhangsan","mobile":"13112345678","province":"\u5317\u4eac\u5e02","city":"\u5317\u4eac\u8f96\u533a","area":"\u4e1c\u57ce\u533a","address":"zhangsan_test"},"redirect":"","type":"ajax"}
The value of the beid parameter can be modified to view other users' receiving addresses.
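One way to spot this access pattern in web server logs, as an added example that is not part of the original write-up: the script flags clients that received successful order-detail responses under more than one beid value. The combined log format, the sample log lines and the threshold of one beid per client are assumptions.

```python
# Added example: flag clients that vary the beid parameter on the order-detail endpoint.
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?mod=mobile&name=shopwap&do=myorder&op=detail&orderid=3&beid=2 HTTP/1.1" 200 231
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?mod=mobile&name=shopwap&do=myorder&op=detail&orderid=3&beid=3 HTTP/1.1" 200 229
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?mod=mobile&name=shopwap&do=myorder&op=detail&orderid=3&beid=4 HTTP/1.1" 200 240
203.0.113.9 - - [01/Jan/2024:10:05:00 +0000] "GET /index.php?mod=mobile&name=shopwap&do=myorder&op=detail&orderid=8&beid=2 HTTP/1.1" 200 233
203.0.113.9 - - [01/Jan/2024:10:05:09 +0000] "GET /index.php?mod=mobile&name=shopwap&beid=2 HTTP/1.1" 200 5120
"""

# client address, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" (\d{3}) ')


def order_detail_beid(url):
    """Return the beid value if the URL is an order-detail request, else None."""
    q = parse_qs(urlsplit(url).query)
    first = lambda k: q.get(k, [""])[0]
    if (first("name"), first("do"), first("op")) != ("shopwap", "myorder", "detail"):
        return None
    return first("beid") or None


def find_beid_walkers(log_text, max_distinct=1):
    """Map client -> sorted beid values, for clients that got 200 responses
    from the order-detail endpoint under more than max_distinct beid values."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "200":
            continue
        beid = order_detail_beid(m.group(2))
        if beid is not None:
            seen[m.group(1)].add(beid)
    return {ip: sorted(v) for ip, v in seen.items() if len(v) > max_distinct}


if __name__ == "__main__":
    for ip, beids in find_beid_walkers(SAMPLE_LOG).items():
        print(f"{ip}: order detail requested under beid values {beids}")
```

A hit is a lead for review rather than proof of abuse; raise max_distinct if customers legitimately order from several stores.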