ECShop admin backend brute force via CAPTCHA bypass - vulnerability warning - the black bar safety net

2015-02-13T00:00:00
ID MYHACK58:62201559049
Type myhack58
Reporter Anonymous
Modified 2015-02-13T00:00:00

Description

Brute-force cracking of the ECShop admin backend login

Detailed description:

[Image: 选区 _092.jpg]

Login request:

username=admin&password=admin888&captcha=1111&act=signin

Remove the ECSCP_ID= parameter from the cookie in the request.

The server will then skip CAPTCHA verification and go straight to checking whether the account and password are correct.

Brute-force testing was done using Burp.

[Image: 选区 _093.jpg]

Vulnerability proof:

[Image: 选区 _093.jpg]