SiteServer cms Cookie spoofing vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201339209
Type myhack58
Reporter 节奏感@乌云
Modified 2013-06-12T00:00:00


Brief description:

. net platform SiteServer cms he the powerful is unquestionable, but the problem is also many,

The discovery of the cookies tricking a gold after testing, 3.44 above version of the pass to kill

Detailed description:


Local set up an environment and then log in to grab the management of cookies

Then delete the administrator Exchange account change the password to empty cookies on the landing of the time to find cookies value only useradmin=admin

This change for the current account and therefore bold determined cookies should be assigned a fixed value

BAIRONG. VC. ADMINLOGIN=6 8 8 7; SITESERVER. ADMINISTRATOR. AUTH=0F7B10036E9FF94D33C4BE742E7D281E1BE923AEBB391E74FDB29EBCD0562DA027A340852E7CCAAAEAD4CA1EC30DF07E90A2CE42E5D862C84E1B06694F0C7A09788B7EE26000E7CBD14DE6AAE8E540BE403328B18792B24315DE96818A63D90CF8160F2DBCF97883216714E8AC81D63D0933DCBE; SITESERVER. ADMINISTRATOR. USERNAME=admin; lzstat_uv=28995594273945333853/677603;

Then the test found that as long as USERNAME=admin target site does have administrator admin can make cookies cheat login




Then continuously tested several 3. 4 4 version found indeed above stated useraaname=administrator account cookies in this article correctly it can be deceiving sign

The backend file management service cannot upload aspx but in a new place can be arbitrarily created pass horse chopper.

Repair solutions:

Encryption encryption filter filter,,,,,,,