How to fix the Ecshop pages.lbi.php XSS vulnerability

2025-02-27 Update From: SLTechnology News&Howtos shulou (Development)

Shulou (Shulou.com) 06/03 Report

This article explains how to fix the XSS vulnerability in Ecshop's pages.lbi.php, which few people seem to know much about; it is shared here for reference.

Some time ago, while building a site with Ecshop, the 360 scanner reported a serious vulnerability:

Ecshop pages.lbi.php XSS vulnerability

==========

Description:

The target has a cross-site scripting vulnerability.

1. Cross-site scripting means that an attacker inserts malicious code into a web page. When a user views the page, the embedded code is executed in the user's browser. It is commonly used to steal browser cookies.

Harm:

Malicious users can use this vulnerability to steal user account information, impersonate other users' logins, and even modify the content presented to other users.

Solution:

Temporary solution:

1. Use 360 protection script

==========

I tried the 360 protection script, but to no avail, so I had to fix it myself.

Let's first analyze the cause of this vulnerability.

When you access temp/compiled/pages.lbi.php directly and view the page source, you will find the following code:

Clearly this form tag is incomplete: the value echoed into it is never closed or escaped. Constructing a URL of the following shape therefore gets attacker-supplied code executed on the client side (the HTML tags wrapping the payload did not survive the page capture; the payload is appended as PATH_INFO after the script name):

temp/compiled/pages.lbi.php/"alert(/cfreer/)

The principle of the vulnerability, then, is that the injected value closes the form's attribute and tag, after which the attacker's JavaScript runs in the visitor's browser.

Next, to find why the form is left unclosed, open the pages.lbi.php file, where you can see the following code:
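As an added example (not code from the original article or from Ecshop itself), the PHP script below reproduces the pattern the article describes: a form attribute built from `$_SERVER['PHP_SELF']`, which in PHP includes any PATH_INFO appended after the script name, echoed once without escaping and once through `htmlspecialchars()`. That the template's `action` attribute is built from `PHP_SELF` is an assumption about the listing not reproduced above; the request path with the `alert(/cfreer/)` payload is a constructed sample, and the function names are mine.

```php
<?php
// Added example, not Ecshop's own template code. Assumption: the compiled
// template writes $_SERVER['PHP_SELF'] into the form's action attribute.
// PHP_SELF contains the script path plus any PATH_INFO that follows it, so
// a request to /temp/compiled/pages.lbi.php/<payload> reflects <payload>.

// Constructed sample of what PHP_SELF holds for the attack URL described in
// the article: the script name followed by a PATH_INFO segment that closes
// the attribute and the tag, then injects a script element.
$phpSelf = '/temp/compiled/pages.lbi.php/"><script>alert(/cfreer/)</script>';

// Vulnerable rendering: the raw value lands inside a quoted attribute. The
// leading `">` of the payload terminates the attribute and the <form> tag, so
// the browser parses the following <script> as a real element and runs it.
function render_vulnerable(string $phpSelf): string
{
    return '<form name="selectPageForm" action="' . $phpSelf . '" method="get">';
}

// Hardened rendering: htmlspecialchars() with ENT_QUOTES converts ", ', <, >
// and & into entities, so the value can no longer leave the attribute and is
// displayed, not parsed, by the browser.
function render_fixed(string $phpSelf): string
{
    return '<form name="selectPageForm" action="'
        . htmlspecialchars($phpSelf, ENT_QUOTES, 'UTF-8')
        . '" method="get">';
}

// Check a practitioner can reuse against any rendered fragment: a safe
// rendering of this input must not contain an opening <script tag.
function contains_script_tag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

echo "vulnerable: ", render_vulnerable($phpSelf), PHP_EOL;
echo "fixed:      ", render_fixed($phpSelf), PHP_EOL;
echo "vulnerable output contains <script: ";
var_dump(contains_script_tag(render_vulnerable($phpSelf)));
echo "fixed output contains <script: ";
var_dump(contains_script_tag(render_fixed($phpSelf)));
```

Run it with `php xss_demo.php`: the vulnerable line prints a `<script>` element sitting outside the form tag, while the fixed line prints the payload as entities (`&quot;&gt;&lt;script&gt;...`). The same `htmlspecialchars()` wrapping is the fix wherever the template echoes `PHP_SELF` or another request-derived value into markup. One caveat: the files under `temp/compiled` are generated from the `.lbi` source templates, so a fix applied only to the compiled copy can be lost when the template is recompiled; make the same change in the source template as well, then re-request `temp/compiled/pages.lbi.php/"><script>alert(1)</script>` and confirm the response shows the entities rather than an executing script.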


© 2024 shulou.com SLNews company. All rights reserved.