{"type": "myhack58", "published": "2015-02-13T00:00:00", "reporter": "\u4f5a\u540d", "bulletinFamily": "info", "id": "MYHACK58:62201559049", "cvss": {"vector": "NONE", "score": 0.0}, "enchantments": {"score": {"value": 1.2, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 1.2}, "edition": 1, "viewCount": 1, "cvelist": [], "references": [], "lastseen": "2016-11-14T18:14:53", "href": "http://www.myhack58.com/Article/html/3/62/2015/59049.htm", "modified": "2015-02-13T00:00:00", "title": "ecshop background a brute-force CAPTCHA bypass-vulnerability warning-the black bar safety net", "description": "ecshop background of violence crack\n\n### Detailed description:\n\n! [\u9009\u533a _092.jpg](/Article/UploadPic/2015-2/201521310140205.jpg)\n\n\n\n\n\nLogin request for \n\n\n\ncode area\n\n\nusername=admin&password=admin888&captcha=1 1 1 1&act=signin\n\n\n\n\n\nRequest remove cookie in ECSCP_ID=parameter \n\n\n\nService the end it will not verify the CAPTCHA directly to verify that the account password is correct. \n\n\n\nUsing burp to brute force test.\n\n! [\u9009\u533a _093.jpg](/Article/UploadPic/2015-2/201521310140803.jpg)\n\n### Vulnerability proof:\n\n! [\u9009\u533a _093.jpg](/Article/UploadPic/2015-2/201521310140803.jpg)\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645419388}}

{}