Mice(finding the policy)CMS V4. 2 XDAY-vulnerability warning-the black bar safety net

ID MYHACK58:62201026720
Type myhack58
Reporter 佚名
Modified 2010-04-14T00:00:00


Mice V4. 2 is currently the latest version. No nonsense, first look at the backend, the admin back-end home page with a login IP, the use of this vulnerability can be IP modify any of the

Characters, including the HTML and JS. Yes, so that you can cross out the administrator password.


Use method:

  1. The front Desk to register a user.

  2. To log and capture.

  3. The modified packet forgery X-Forwarded-For what,not? See my previous article.

In the package, add the phrase:

X-Forwarded-For: <script>alert(/sub - ↘meter/)</script>' where username = 'admin'#

  1. Submit data package.

In this case administrator access to the background page, the malicious code is executed, a dialog box POPs up, as shown in Figure


But the need to manage online at the same time, if the new login is invalid, probably everyone will think this is too tasteless, the administrator with your

Online at the same time the possibility of too small, it doesn't matter, and then carefully think about it, just we executed SQL statement is

update XXX set loginip = 'malicious' where username = 'admin', specify modify the admin IP,

If this is the submitted update XXX set loginip = 'malicious code', The where back are removed, cancel the user limit, then the

Malicious code will be added to all registered users. At this time all online users will be affected, hacking hanging horse, adultery captivity, the

Do whatever they want with it.