Enviar #851347: macrozheng mall 1.0.3 Insecure Direct Object Referenceinformación

Títulomacrozheng mall 1.0.3 Insecure Direct Object Reference
DescripciónA vulnerability was found in macrozheng mall up to 1.0.3 and classified as problematic. This issue affects the function create of the file /returnApply/create of the component Order Return Apply Handler. The manipulation of the argument orderId leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Technical details: The portal endpoint POST /returnApply/create copies the client-supplied request body directly into the persisted return-application entity without verifying that the order referenced by orderId belongs to the authenticated user. Ownership and amount fields (memberUsername, productPrice) are also taken from client input and are not validated server-side. As a result, any authenticated low-privileged user can submit a return application against another user's orderId (horizontal privilege escalation / IDOR) and forge the memberUsername and price fields. Proof of concept: 1. Register/log in two separate accounts A (attacker) and B (victim), each owning its own orders. 2. As account A, capture account B's orderId from B's order list. 3. As account A, send POST /returnApply/create with B's orderId and forged memberUsername/price fields. The request succeeds (HTTP 200, { "code": 200, "message": "操作成功", "data": 1 }) although the order does not belong to A. 4. The forged return record enters the normal business workflow and is visible/processable through the admin return-management interface, confirming the unauthorized write is persisted. Impact: unauthorized return submission against arbitrary orders plus forgery of ownership/amount fields, leading to business-logic abuse and data pollution. Vendor disclosure: the project does not provide a private vulnerability reporting channel and has historically been unresponsive to security reports. The vendor was therefore notified through a public GitHub issue, which also serves as the public disclosure reference: https://github.com/macrozheng/mall/issues/977
Fuente⚠️ https://github.com/macrozheng/mall/issues/977
Usuario
 Anonymous User
Sumisión2026-06-08 07:32 (hace 1 mes)
Moderación2026-07-09 07:07 (1 month later)
EstadoAceptado
Entrada de VulDB377112 [macrozheng mall hasta 1.0.3 Portal Endpoint /returnApply/create orderId escalada de privilegios]
Puntos20

Interested in the pricing of exploits?

See the underground prices here!