### Brief description:
Tested 2.7.3-2.7.4 and both have this vulnerability; it probably affects every version :)
### Details:
Pick any product to buy and enter 999999999999 as the quantity.
[<img src="https://images.seebug.org/upload/201511/1015571527c44ffdf76c17ebfb91c04aba2bdb49.jpg" alt="1.jpg" width="600">](https://images.seebug.org/upload/201511/1015571527c44ffdf76c17ebfb91c04aba2bdb49.jpg)
You will then be asked to fill in an out-of-stock registration; enter any data.
[<img src="https://images.seebug.org/upload/201511/10155759a8c914a97ed9ad12ac8dc747559e41cf.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201511/10155759a8c914a97ed9ad12ac8dc747559e41cf.jpg)
Then intercept the request with Burp, modify the data in the email field, and submit it.
[<img src="https://images.seebug.org/upload/201511/101559220e2071ff5e8f63f96fad1cd27f78e285.jpg" alt="3.jpg" width="600">](https://images.seebug.org/upload/201511/101559220e2071ff5e8f63f96fad1cd27f78e285.jpg)
Then sit back and wait for the administrator to review the out-of-stock registration...
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201511/1016000095222b8005a3e2bb574488fd5ba9b9b2.jpg" alt="4.jpg" width="600">](https://images.seebug.org/upload/201511/1016000095222b8005a3e2bb574488fd5ba9b9b2.jpg)
[<img src="https://images.seebug.org/upload/201511/10160010f74d8379618fd0358731791a7fa0fc70.jpg" alt="5.jpg" width="600">](https://images.seebug.org/upload/201511/10160010f74d8379618fd0358731791a7fa0fc70.jpg)
Filter.
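One way to implement the filtering suggested in the report, as an added example that is not part of the original report or the affected application's code. It assumes the tampered `email` value is stored and later displayed on the administrator's review page; the field names, length limits and sample submissions are constructed for illustration.

```python
import html
import re

# Hypothetical limits and field names; the report does not give the schema.
MAX_TEXT_LEN = 200
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
CONTROL_RE = re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def validate_registration(form):
    """Server-side check of an out-of-stock registration.

    Returns (cleaned, errors). It must run on the server: a value checked
    only in the browser can be rewritten in an intercepting proxy.
    """
    cleaned, errors = {}, []
    email = str(form.get("email", "")).strip()
    if len(email) <= 254 and EMAIL_RE.fullmatch(email):
        cleaned["email"] = email
    else:
        errors.append("email")
    # Free-text fields: cap the length and reject control characters.
    for field in ("linkman", "desc"):
        value = str(form.get(field, "")).strip()
        if len(value) > MAX_TEXT_LEN or CONTROL_RE.search(value):
            errors.append(field)
        else:
            cleaned[field] = value
    return cleaned, errors


def render_admin_row(record):
    """Build one row of the admin review table, encoding every stored field.

    Output encoding is applied even to validated data, so rows written
    before the validation existed are also rendered as text.
    """
    cells = "".join(
        f"<td>{html.escape(str(value), quote=True)}</td>" for value in record.values()
    )
    return f"<tr>{cells}</tr>"


# Constructed sample submissions (not taken from the report).
SAMPLES = [
    {"email": "buyer@example.com", "linkman": "Li Lei", "desc": "call me"},
    {"email": 'x@example.com"><b>markup</b>', "linkman": "a", "desc": "b"},
]
```
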