Submeter #560782: fuyang_lipengjun platform 1.0.0 broken function level authorizationinformação

Títulofuyang_lipengjun platform 1.0.0 broken function level authorization
DescriçãoDescription: The /enSale endpoints allow direct product state modification by ID without validating user role or resource ownership. Any authenticated user can craft a request with another merchant's product ID and change its status. Vulnerability Type: Broken Fucntion Level Authorization (BFLA) Affected Endpoints: /enSale Impact: Unauthorized manipulation of product visibility and state, leading to possible disruption of business operations. Attack Prerequisites: - Knowledge or guess of product ID - Authenticated but low-privilege user Proof of Concept: POST /api/goods/enSale Body: {"id": 1001}
Fonte⚠️ https://www.cnblogs.com/aibot/p/18830909
Utilizador
 Anonymous User
Submissão17/04/2025 09h57 (há 1 Ano)
Moderação30/04/2025 15h01 (13 days later)
EstadoAceite
Entrada VulDB306627 [Weitong Mall 1.0.0 Sale Endpoint ID Elevação de Privilégios]
Pontos20

VoltarVisão GeralPróximo

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!