| Field | Value |
|---|---|
| Title | fuyang_lipengjun platform 1.0.0 broken function level authorization |
| Description | The /enSale endpoints allow direct product state modification by ID without validating user role or resource ownership. Any authenticated user can craft a request with another merchant's product ID and change its status. |
| Vulnerability Type | Broken Function Level Authorization (BFLA) |
| Affected Endpoints | /enSale |
| Impact | Unauthorized manipulation of product visibility and state, leading to possible disruption of business operations. |
| Attack Prerequisites | Knowledge or guess of the product ID; an authenticated but low-privilege user |
| Proof of Concept | POST /api/goods/enSale, Body: {"id": 1001} |
| Source | https://www.cnblogs.com/aibot/p/18830909 |
| User | Anonymous User |
| Submission | 17/04/2025 09:57 AM (1 year ago) |
| Moderation | 30/04/2025 03:01 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 306627 [Weitong Mall 1.0.0 Sale Endpoint privilege escalation] |
| Points | 20 |