JumboTCMS V6 code audit summary

ID MYHACK58:62201234862
Type myhack58
Reporter Anonymous
Modified 2012-09-07T00:00:00


Author: Seay

Blog: http://seay.sinaapp.com/

I am majoring in software testing, and my school is about to start a course in this area, so I wanted to find an open-source ASP.NET CMS to play with. I searched Baidu and saw JumboTCMS, which is also quite popular, so I went to the official website and downloaded the latest version, 6.0. Damn, it would not even install; whatever I did, it threw error messages... I really don't know whether the vendor did this on purpose... So it took two days to debug the program until it could finally run... Once it was running, the database data all had to be inserted manually... I... could not see the program's features and could only read the code, which is slower, and many things were hard to follow... Forget it, I made do... This was also my first contact with this program.

Originally I wanted to find an injection, CSRF or something similar, but after going through the code I did not find anything usable; that is down to my own skill level.

First, the installation files are not deleted after installation, and no prompt is given

After installation, the program neither prompts you to delete the install directory nor deletes it automatically.

Directly accessing http://seay.sinaapp.com/install/default.aspx lets the program be re-installed.

Second, the cookie stores the user name and password

The cookie holds quite a lot:

![](/Article/UploadPic/2012-9/20129711415737.jpg)

id=2&name=ss123&nickname=ss123&password=e10adc3949ba59abbe56e057f20f883e&email=1160549384%40qq.com&groupid=1&groupname=%e4%b8%b4%e6%97%b6%e7%94%a8%e6%88%b7&setting=1%2c1%2c1%2c0%7c23%2c1%2c10%2c10%2c1%2c0%2c1%2c1%2c5%2c1%2c1%2c5%2c1%2c1%2c5%2c&cookies=c42071141

The password is stored in it, which combines with the XSS below.
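An audit check for the cookie layout shown above, added here as an example and not taken from the original post or from JumboTCMS. The cookie name `JumboUser`, the placeholder e-mail and the shortened `setting` value are assumptions; the field names and the password value follow the cookie above.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample Set-Cookie value. "JumboUser" is a hypothetical cookie
# name; the e-mail is a placeholder and "setting" is shortened.
SAMPLE_SET_COOKIE = (
    "JumboUser=id=2&name=ss123&nickname=ss123"
    "&password=e10adc3949ba59abbe56e057f20f883e"
    "&email=user%40example.com&groupid=1&setting=1%2c1%2c1%2c0"
    "&cookies=c42071141; path=/"
)

DIGEST_LENGTHS = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
CREDENTIAL_KEYS = re.compile(r"pass(word|wd)?|pwd|secret", re.I)
HEX = re.compile(r"[0-9a-fA-F]+")


def audit_set_cookie(header_value):
    """Return (field, finding) tuples for one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:] if p}

    # ASP.NET multi-value cookies pack key=value pairs into a single cookie;
    # a plain cookie is treated as one pair named after the cookie itself.
    if "=" in value:
        pairs = parse_qsl(value, keep_blank_values=True)
    else:
        pairs = [(name, unquote(value))]

    findings = []
    for key, val in pairs:
        if not CREDENTIAL_KEYS.fullmatch(key):
            continue
        algo = DIGEST_LENGTHS.get(len(val)) if HEX.fullmatch(val) else None
        findings.append((key, f"{algo}-length hex digest" if algo
                         else "non-digest value (possibly plaintext)"))

    # Missing flags only matter once the cookie carries a credential:
    # without HttpOnly, page script (and so any XSS) can read the value.
    if findings:
        for flag in ("httponly", "secure"):
            if flag not in attrs:
                findings.append((name, f"missing {flag} attribute"))
    return findings


if __name__ == "__main__":
    for field, finding in audit_set_cookie(SAMPLE_SET_COOKIE):
        print(f"{field}: {finding}")
```

The usual fix is to keep only an opaque, server-side session identifier in the cookie and mark it HttpOnly, so no password-derived value ever reaches the browser.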

Third, an XSS vulnerability in the statistics plug-in:

Look at the code:

![](/Article/UploadPic/2012-9/20129711415775.jpg)

string _contentid = str2str(q("id"));
