### Brief description:
Generic
### Details:
Broken access control vulnerability
### Proof of concept:
[<img src="https://images.seebug.org/upload/201502/08214619b2199bb08023f4ef8c6c39f8f42d003a.jpg" alt="QQ截图20150208212633.jpg" width="600">](https://images.seebug.org/upload/201502/08214619b2199bb08023f4ef8c6c39f8f42d003a.jpg)
[<img src="https://images.seebug.org/upload/201502/08214626b25cbc373756ac4538aa3d8c983b7afb.jpg" alt="QQ截图20150208212655.jpg" width="600">](https://images.seebug.org/upload/201502/08214626b25cbc373756ac4538aa3d8c983b7afb.jpg)
Account A and account B
[<img src="https://images.seebug.org/upload/201502/082146472e7b16fd543112fd8a22cb3e8002791d.jpg" alt="QQ截图20150208212729.jpg" width="600">](https://images.seebug.org/upload/201502/082146472e7b16fd543112fd8a22cb3e8002791d.jpg)
In account A, intercept the modification request, then change the ID to account B's ID; enumerating IDs works as well
[<img src="https://images.seebug.org/upload/201502/08214715c28808bea58c643fdc3877657d5699d3.jpg" alt="QQ截图20150208212751.jpg" width="600">](https://images.seebug.org/upload/201502/08214715c28808bea58c643fdc3877657d5699d3.jpg)
Looking back afterwards, account A has one more entry
[<img src="https://images.seebug.org/upload/201502/0821473127bea0a7b625215efd18d084bdc8692c.jpg" alt="QQ截图20150208212821.jpg" width="600">](https://images.seebug.org/upload/201502/0821473127bea0a7b625215efd18d084bdc8692c.jpg)
while account B's record has already been deleted
If we enumerate the IDs, the records of the entire site can be deleted
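
The missing ownership check behind this behaviour, shown next to a corrected handler. This is an added example, not code from the affected application, whose source does not appear in the report. The `records` table, its columns and the function names are assumptions, and the vulnerable handler is a model that reproduces the observed result (A gains an entry, B loses one).

```python
import sqlite3

def make_db():
    """Constructed sample data: one record per account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?, ?)",
                   [(1, "A", "A's record"), (2, "B", "B's record")])
    return db

def modify_vulnerable(db, session_user, record_id, body):
    # Trusts the client-supplied id: the row is rewritten and re-owned by
    # whoever is logged in, so it appears under A and vanishes from B.
    cur = db.execute("UPDATE records SET owner = ?, body = ? WHERE id = ?",
                     (session_user, body, record_id))
    return cur.rowcount

def modify_hardened(db, session_user, record_id, body):
    # Ownership is part of the WHERE clause, so a foreign or guessed id
    # matches zero rows; the owner column is never written from a request.
    cur = db.execute("UPDATE records SET body = ? WHERE id = ? AND owner = ?",
                     (body, record_id, session_user))
    if cur.rowcount == 0:
        raise PermissionError(f"user {session_user} does not own record {record_id}")
    return cur.rowcount

def owned_by(db, user):
    rows = db.execute("SELECT id FROM records WHERE owner = ? ORDER BY id", (user,))
    return [r[0] for r in rows]

def demo():
    results = {}
    db = make_db()
    modify_vulnerable(db, "A", 2, "edited by A")      # A submits B's id
    results["vulnerable"] = (owned_by(db, "A"), owned_by(db, "B"))
    db = make_db()
    denied = 0
    for rid in (2, 3):                                # B's id, then a nonexistent id
        try:
            modify_hardened(db, "A", rid, "edited by A")
        except PermissionError:
            denied += 1
    modify_hardened(db, "A", 1, "A's own edit")       # legitimate edit still works
    results["hardened"] = (owned_by(db, "A"), owned_by(db, "B"), denied)
    return results

if __name__ == "__main__":
    print(demo())
```

Raising the same error for "not yours" and "does not exist" keeps the response from confirming which IDs are valid, and logging each `PermissionError` with the session user gives a detection signal for ID enumeration.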