XPSHOP Shopping Mall System Cookie Spoofing Vulnerability - Vulnerability Warning - The Black Bar Safety Net

2008-11-10T00:00:00
ID MYHACK58:62200821031
Type myhack58
Reporter 佚名
Modified 2008-11-10T00:00:00

Description

Article author: 121711090 (Information source: Evil Octal Information Security Team, www.eviloctal.com)

I found this hole by accident. The vendor does not know about it yet, and I have not published it anywhere else. The vulnerability is serious: it lets you change the administrator's password outright, which is a bit wicked. But for the sake of a safer network, here it is.

First, take a look at this site: http://demo1.xpshop.cn/ Register a user there first. To make things easy, and so as not to leave junk accounts in other people's systems, I registered on the demo with username wc1217 and password 77423704.

Now open the site with the cookie editor of your choice; see the screenshot, and remember to save the cookies. [screenshot]

Then look at its cookies. [screenshot] The cookie string:

LoginCode=0684; demo1.xpshop.cnResource=zh-cn; ASP.NET_SessionId=3pxjo23zuikyrk45mx0g4a55; XpShop_CartID=0f810c00-fbbf-4984-951e-555357b14a54; demo1.xpshop.cnLogin=mid=14

We change these two values, LoginCode=0684 and mid=14, both to 1 (member id 1 is the administrator account):

The code:

LoginCode=1; demo1.xpshop.cnResource=zh-cn; ASP.NET_SessionId=3pxjo23zuikyrk45mx0g4a55; XpShop_CartID=0f810c00-fbbf-4984-951e-555357b14a54; demo1.xpshop.cnLogin=mid=1

Click Modify, then right-click and refresh the page. Note: do not refresh too quickly, or the change will not take effect.

Afterwards it looks like this: [screenshot] Of course, it may not work straight away. If so, also change the ASP.NET_SessionId value; the session id is not checked against anything, so altering a single character is enough:

The code:

LoginCode=1; demo1.xpshop.cnResource=zh-cn; ASP.NET_SessionId=fu1q1w3g3qc2vn55naohei55; XpShop_CartID=0f810c00-fbbf-4984-951e-555357b14a54; demo1.xpshop.cnLogin=mid=1
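The root cause behind the steps above is that the application takes the caller's identity straight from a client-controlled cookie. The following is an added example, not XPSHOP's own code: it models that cookie-trust pattern in Python beside a hardened form that derives identity only from a server-side session record. The cookie names and the captured header match the writeup; the request-handling functions, the session store, the login helper and the tampered sample are constructed here for illustration.

```python
"""Cookie-trust demo: why an XPSHOP-style 'mid=' login cookie is spoofable.

Added example, not XPSHOP code. Cookie names follow the writeup; everything
else (handlers, session store, sample headers) is constructed for illustration.
"""
import secrets

# Constructed sample: the cookie header captured in the writeup for the
# freshly registered test account (member id 14), and the tampered copy
# with LoginCode and mid both rewritten to 1.
CAPTURED = ("LoginCode=0684; demo1.xpshop.cnResource=zh-cn; "
            "ASP.NET_SessionId=3pxjo23zuikyrk45mx0g4a55; "
            "XpShop_CartID=0f810c00-fbbf-4984-951e-555357b14a54; "
            "demo1.xpshop.cnLogin=mid=14")
TAMPERED = (CAPTURED.replace("LoginCode=0684", "LoginCode=1")
                    .replace("mid=14", "mid=1"))


def parse_cookie_header(header):
    """Split a raw Cookie request header into a {name: value} dict.

    Only the first '=' separates name from value, so the pair
    'demo1.xpshop.cnLogin=mid=14' yields the value 'mid=14'.
    """
    cookies = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def vulnerable_current_user(cookie_header):
    """The pattern the writeup describes: identity is read directly from the
    client-controlled Login cookie. Whoever edits 'mid=' becomes that member.
    The session id is never consulted, so it does not even have to be valid.
    """
    login = parse_cookie_header(cookie_header).get("demo1.xpshop.cnLogin", "")
    if not login.startswith("mid="):
        return None
    try:
        return int(login[len("mid="):])
    except ValueError:
        return None


# --- Hardened form -------------------------------------------------------
# Server-side store mapping session id -> member id (hypothetical). A session
# id is minted only by the login handler after a credential check, and only
# this mapping decides who the caller is.
_SESSIONS = {}


def login(mid):
    """Hypothetical login handler: after verifying credentials (elided here),
    mint an unguessable session id and bind it to the member server-side."""
    session_id = secrets.token_urlsafe(24)
    _SESSIONS[session_id] = mid
    return session_id


def hardened_current_user(cookie_header):
    """Identity comes only from the server-side session record. The Login and
    LoginCode cookies are ignored entirely, so rewriting them changes nothing,
    and an unknown or edited ASP.NET_SessionId yields no user at all."""
    session_id = parse_cookie_header(cookie_header).get("ASP.NET_SessionId")
    return _SESSIONS.get(session_id)


if __name__ == "__main__":
    print("vulnerable, captured cookie:", vulnerable_current_user(CAPTURED))
    print("vulnerable, tampered cookie:", vulnerable_current_user(TAMPERED))
    sid = login(14)
    genuine = "ASP.NET_SessionId=" + sid + "; demo1.xpshop.cnLogin=mid=14"
    forged_sid = sid[:-1] + ("a" if sid[-1] != "a" else "b")
    print("hardened, genuine session:", hardened_current_user(genuine))
    print("hardened, mid edited:",
          hardened_current_user(genuine.replace("mid=14", "mid=1")))
    print("hardened, session id edited:",
          hardened_current_user(genuine.replace(sid, forged_sid)))
```

Run it directly to see the two behaviours side by side: the vulnerable reader returns 14 for the captured header and 1 for the tampered one, while the hardened reader returns the bound member for a genuine session regardless of the mid= cookie and nothing for an edited session id. Any server-side framework session (ASP.NET's own session state included) gives the same property as the dictionary here; the mistake is reading the member id from a cookie the browser is free to rewrite.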

Okay, now look at the member information page. There is a "retrieve password answer" field. Think about it for a moment: with that answer you can change the administrator's password at http://demo1.xpshop.cn/memberLostpass.aspx (this is the password-change page). See the figure: [screenshot] Success.

After logging in at http://demo1.xpshop.cn/admin/default.aspx, the question is how to get a webshell. I have not managed it yet. In theory the route is to upload the trojan first and then use the backup function, but something went wrong here. I hope someone comes up with a better way; I thought about it for a whole night and had no luck.

http://demo1.xpshop.cn/admin/ftb.imagegallery.aspx?frame=1&rif=admin&cif=admin can list directories.

Well, that is all. Anyone who works out a good way, don't forget to tell me. Contact details: http://blog.sina.com.cn/qq1217

http://demo1.xpshop.cn/helps/t.txt

Update: adding a flash ad lets you upload a trojan directly.

Marketing management - Flash banners - Add