The unauthorized deletion vulnerability of the Public Interest advertisement of Yiyun (the advertisement created by all users can be deleted)

The unauthorized deletion vulnerability of the Public Interest advertisement of Yiyun (the advertisement created by all users can be deleted)

An unauthorized operation vulnerability exists in the ad spaces created by the webmaster in the Yiyun user center, which allows attackers to delete the ad spaces created by other users.

1. log on to the user center with "target user" to view the "My webmaster advertising space" under the "my benefits" Page and view the front-end code of the Advertising Space Operation:

Function delPlace (id, pid, types) {if (! Confirm ('Are you sure you want to delete this ad space! ') {Return;} if (types = 1) {var $ url ='/Place404/del ';} else {var $ url = '/Place/delPlace';} $. ajax ({url: $ url, type: 'post', dataType: 'json', data: {id: id, pid: pid}, success: function (data) {// dialogs ('','

Deleted

',2); if(types == 0){ $('#place_'+id).remove(); } } }) }

2. By creating three different ad spaces, we can see that 39067 of them are ad space IDs.

3. log on to the personal center of Yiyun with "test user", create a test ad space, and change the ad space ID 39068 to "target user" ad space ID 39067.
 

 

 

Log on to the "target user" account to view the "My webmaster advertising space". The "target advertising space" created is deleted.
 

 

Solution:

Adds operation permission verification for users.