An example of verifying an XSS combined with a logic vulnerability.
Only one reflected XSS was found.
The parameter that is not filtered is CatalogName.
http://www.m18.com/Style/CatalogSubscribe.aspx?CatalogName="><script>alert(/xss/)</script>&CommentUrl=http://www.m18.com/Catalog/F90411/cover.html&Picture=http://img.m18.com/IMG2008/catalog/F90411.jpg
After logging on with a cookie stolen through the XSS, you can modify the email address used for logon without any verification step, so it can be changed to an address you control.
After the email is sent, clicking the link in it is all that is needed to change the email address used for logon.
Then use the email password retrieval function to change the logon password.
Solution:
1. Filter parameters.
2. Add verification when modifying the logon email address.
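The two fixes listed above, sketched as an added example (not code from the site or from the original report). It assumes CatalogName is reflected into a quoted HTML attribute value; the `Account` class, its in-memory outbox and all addresses are hypothetical, constructed for illustration.

```python
import hashlib, hmac, html, os, secrets

def render_catalog_field(catalog_name: str) -> str:
    # Fix 1: encode CatalogName for the quoted-attribute context (assumed sink).
    return '<input name="CatalogName" value="%s">' % html.escape(catalog_name, quote=True)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:  # hypothetical model, not the site's code
    def __init__(self, email: str, password: str):
        self.email = email
        self.salt = os.urandom(16)
        self.pw_hash = _hash(password, self.salt)
        self.pending = None   # (new_email, token) awaiting confirmation
        self.outbox = []      # constructed stand-in for outbound mail

    def request_email_change(self, current_password: str, new_email: str) -> bool:
        # Fix 2: a session cookie alone is not enough; re-check the password.
        if not hmac.compare_digest(_hash(current_password, self.salt), self.pw_hash):
            return False
        token = secrets.token_urlsafe(32)
        self.pending = (new_email, token)
        self.outbox.append((self.email, "Logon email change requested"))  # alert owner
        self.outbox.append((new_email, token))                            # confirm link
        return True

    def confirm_email_change(self, token: str) -> bool:
        # The address only changes once the single-use token is presented.
        if self.pending is None:
            return False
        new_email, expected = self.pending
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        self.email, self.pending = new_email, None
        return True

if __name__ == "__main__":
    print(render_catalog_field('"><script>alert(/xss/)</script>'))
    acct = Account("owner@example.com", "constructed-password")
    print(acct.request_email_change("guess", "other@example.net"))
```

With the password re-check in place, a stolen session cookie is not sufficient to move the account to another mailbox, and the notice to the current address gives the owner a chance to react.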
1. The user name and password of the mccailin text message platform are both admin. After entering the platform, you can send SMS messages such as promotions.
http://221.181.122.150:1108/Manager/default.aspx
2. Two magical URLs leak user names and other information, and the content still changes after refreshing (sometimes you need to refresh several more times).
http://comm.m18.com/comment/hotcomment.htm?From=home
http://comm.m18.com/comment/hotcomment.htm?From=list&size=6&class=N1
3. Rsync information leakage
Address: 211.100.47.5
Solution:
Change the weak passwords and modify access control.