ecshop arbitrary user password modification vulnerability

ID MYHACK58:62201027868
Type myhack58
Reporter Anonymous
Modified 2010-09-15T00:00:00


ecshop has a flaw in the design of its authentication mechanism that allows a malicious user to steal another user's password.

In ecshop's permission mechanism, changing a password requires knowing the original password, but changing the email address used for password recovery is not subject to any other restriction. This is a typical design error; successful exploitation of this vulnerability allows another user's password to be changed.

1. Build an HTML page that modifies the email parameter and trick the user into visiting it.
2. Use the modified email address to recover the password and obtain the other user's permissions.

Vendor reply: When recovering a password, the system takes the email from the member table; modifying this email address is verified against the user id saved in the session, so user A cannot modify user B's email address.
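The design error described above is that the recovery email can be changed with fewer checks than the password itself. The following is an added example (not ECShop's code and not part of the original advisory) of an email-change handler that takes the account from the session, requires an anti-CSRF token and re-checks the current password. The function name, the `$users` array standing in for the member table, and the field names `csrf_token` and `current_password` are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample data: stands in for the member table (not ECShop's schema).
$users = [
    7 => ['email'   => 'alice@example.test',
          'pw_hash' => password_hash('correct horse', PASSWORD_DEFAULT)],
];

/** Change the recovery email of the logged-in user; false when any check fails. */
function change_email(array &$users, array $session, array $post): bool
{
    // 1. The target account comes from the session, never from the request.
    $uid = $session['user_id'] ?? null;
    if ($uid === null || !isset($users[$uid])) {
        return false;
    }
    // 2. Anti-CSRF token: a page on another site cannot read or guess it.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || !isset($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return false;
    }
    // 3. Re-authentication: the same requirement as a password change.
    $current = $post['current_password'] ?? '';
    if (!is_string($current)
        || !password_verify($current, $users[$uid]['pw_hash'])) {
        return false;
    }
    // 4. Validate the new address before it becomes the recovery channel.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return false;
    }
    $users[$uid]['email'] = $email;
    return true;
}

// Constructed session and requests.
$session = ['user_id' => 7, 'csrf_token' => bin2hex(random_bytes(16))];
$forged  = ['email' => 'other@example.test'];   // cross-site form: no token, no password
$genuine = ['email' => 'alice.new@example.test',
            'csrf_token'       => $session['csrf_token'],
            'current_password' => 'correct horse'];

var_dump(change_email($users, $session, $forged));
var_dump(change_email($users, $session, $genuine));
echo $users[7]['email'], PHP_EOL;
```

Sending a notice to the old address whenever the recovery email changes gives the account owner a chance to detect a change they did not make.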