Taohuawu Adult Products mall vulnerabilities allow viewing any user's orders
The issues are mainly in the client.
Vulnerabilities previously discovered by others are still present:
WooYun: Packaging and distributing multiple vulnerabilities of Adult Products in taohuawu
There are also several further vulnerabilities:
1. XSS
XSS payloads can be stored in the recipient name, mobile phone number, address, email address and zip code fields.
2. Reset any user's password
The verification code on the web page never expires, so it can be brute-forced.
The app uses a six-digit verification code, but it has other problems.
3. Register with any mobile phone number
On registration, the server returns the verification code directly to the client.
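Items 2 and 3 both come down to how the verification code is handled on the server. As an added example (not code from the report or from the vendor), this is a minimal server-side code store that addresses both: the code is delivered out of band and never echoed in the API response, it expires, it is single-use, and it is discarded after a small number of wrong guesses so the six-digit space cannot be searched. The TTL and attempt limit are assumed policy values, and `send_sms` is a constructed stand-in for the SMS gateway.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Assumed policy values for this example (not from the original report).
CODE_TTL_SECONDS = 300   # a code is valid for five minutes
MAX_ATTEMPTS = 5         # a code is discarded after five wrong guesses

# Constructed stand-in for the SMS gateway: records what would be sent.
SENT_SMS: list[tuple[str, str]] = []


def send_sms(phone: str, code: str) -> None:
    SENT_SMS.append((phone, code))


@dataclass
class PendingCode:
    code: str
    expires_at: float
    attempts: int = 0


class VerificationService:
    """Server-side store of verification codes, keyed by phone number.

    The code is delivered out of band (SMS) and never included in the API
    response, so a client cannot complete registration without the phone.
    """

    def __init__(self, now=time.time):
        self._now = now                      # injectable clock for testing
        self._pending: dict[str, PendingCode] = {}

    def issue(self, phone: str) -> dict:
        # Six digits from a CSPRNG; zero-padded so "000123" is possible.
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[phone] = PendingCode(code, self._now() + CODE_TTL_SECONDS)
        send_sms(phone, code)
        return {"status": "sent"}            # no code in the response body

    def verify(self, phone: str, submitted: str) -> bool:
        entry = self._pending.get(phone)
        if entry is None:
            return False
        if self._now() > entry.expires_at:   # expired: discard, force re-issue
            del self._pending[phone]
            return False
        entry.attempts += 1
        if hmac.compare_digest(entry.code, submitted):
            del self._pending[phone]         # single use
            return True
        if entry.attempts >= MAX_ATTEMPTS:   # guess limit reached: discard the code
            del self._pending[phone]
        return False
```

The attempt counter lives with the code rather than with the client, so changing device or session does not reset it; a per-phone rate limit on `issue` would additionally stop a caller from burning through codes to get fresh attempts.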
4. View any user's orders and order details
When the client views its own orders, the device_token is not checked; the query is made directly by userid. Iterating over userid values (a response whose length is not 408 indicates a hit) yields the orderid values of other users, and orderid together with userid returns the full order details.
The following is the interesting part.
5. Arbitrary order amount
This is different from the earlier report; this one exists in the app.
I sent the ticket. If the manufacturer sent the ticket, it indicates that the vendor did not feel any impact, and I received the ticket. If the ticket was not sent, it indicates that the vendor found the ticket and hoped that the vendor could fix the vulnerability as soon as possible.
Solution:
Permission checks.
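As an added example (not code from the report or from the vendor), the following shows what the permission fix for item 4 and the amount fix for item 5 look like on the server: the user identity comes only from the server-side session, never from a userid field in the request; an order that belongs to someone else gets exactly the same "not found" result as an order that does not exist, so there is no response-length oracle to iterate on; and the charged amount is recomputed from the catalog rather than taken from the client. The catalog, orders and session table are constructed sample data; the mall's real schema is not known.

```python
from dataclasses import dataclass

# Constructed sample data; the real mall's schema and prices are not known.
CATALOG = {"A100": 19900, "B200": 4990}          # price per unit, in fen


@dataclass(frozen=True)
class Order:
    order_id: int
    owner_id: int
    items: tuple                                 # ((sku, quantity), ...)


ORDERS = {
    501: Order(501, owner_id=1, items=(("A100", 1),)),
    502: Order(502, owner_id=2, items=(("B200", 3),)),
}
SESSIONS = {"tok-user1": 1, "tok-user2": 2}      # session token -> user id


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


def current_user(session_token: str) -> int:
    """The only source of identity: the server-side session, never a userid field."""
    user_id = SESSIONS.get(session_token)
    if user_id is None:
        raise Forbidden("not logged in")
    return user_id


def list_orders_vulnerable(userid: int) -> list[int]:
    # The pattern in the report: userid comes straight from the request, so
    # any caller can enumerate other users' orderids.
    return [o.order_id for o in ORDERS.values() if o.owner_id == userid]


def list_orders(session_token: str) -> list[int]:
    user_id = current_user(session_token)
    return [o.order_id for o in ORDERS.values() if o.owner_id == user_id]


def order_detail(session_token: str, order_id: int) -> dict:
    user_id = current_user(session_token)
    order = ORDERS.get(order_id)
    # Same exception for "does not exist" and "belongs to someone else", so the
    # response gives no oracle (status or length) for probing other orderids.
    if order is None or order.owner_id != user_id:
        raise NotFound("order not found")
    return {"order_id": order.order_id, "items": list(order.items)}


def place_order(session_token: str, items: list, client_total: int) -> dict:
    """The amount is recomputed from the catalog; the client's figure is informational."""
    user_id = current_user(session_token)
    total = sum(CATALOG[sku] * qty for sku, qty in items)
    return {
        "owner_id": user_id,
        "charged": total,
        "client_mismatch": client_total != total,   # worth logging as tampering
    }
```

The ownership check sits inside `order_detail` itself rather than in a separate middleware, so a new endpoint that fetches an order cannot forget it; a mismatch between the client's total and the server's is a useful detection signal for the item 5 tampering and should be logged with the session identity.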