The Hang Seng JRES platform registration vulnerability, you can hack the registry-the vulnerability warning-the black bar safety net

2015-01-15T00:00:00
ID MYHACK58:62201558041
Type myhack58
Reporter 佚名
Modified 2015-01-15T00:00:00

Description

! plugin.jpg

The eclipse-jres\plugins\com. hundsun. ares. studio. jres. register_1. 1. 0. 2 0 1 2 0 8 2 9 1 4 0 8. jar to decompile,according to the com\hundsun\ares\studio\jres\register\RegisterUtil. the java file can get the registration file of the encryption way and key.

The eclipse-jres\keys directory on the original ares. key decryption:

code area

<regunits>

<regunit id="jres" key="xxxxxxxxxxxxxxxx" date="2 0 1 2 1 2 3 1">

<field id="jres. username" label="username" value="xxxxxxx"/>

<field id="jres. edition" label="version" value="1.1"/>

<field id="jres. company" label="Company name" value="Bank four"/>

<field id="jres. buildpermission" label="compiled permissions" value="1" displayValue="1_ compile"/>

</regunit>

</regunits>

Where key is the machine code,The date is an expiration time,after the replacement, re-encryption,the registration is successful.

Vulnerability to prove:

! unregister.jpg

! unregister2.jpg

! register.jpg

Repair solutions:

Enhanced verify,or networking certification or something.