Headline
CVE-2022-45276: GitHub - Zoe0427/YJCMS
An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated attackers to obtain the Administrator account password.
YJCMS exist incorrect access control
- Introduction to YJCMS
YJcms is developed by gansu yunjing digital technology co., ltd. YJcms (Cloudscape cms) is an open source PHP enterprise website building management system developed based on ThinkPaPHP5.0.24. Yjcms adheres to the concept of minimalist, fast and extreme development, integrates enterprise, tourism and mall modules for development, and is a module and plug-in that can be easily and rapidly expanded. To facilitate developers to quickly build their own applications.
Address of the company’s official website:www.eyunjing.cn
Test targets:
1.http://gszhjzx.com/user.html
2.http://lzrzjs.com/user.html
- Vulnerability exploitation process
The homepage of the normal website is shown as follows
http://xxx.com/
http://xxx.com/index/user/user_edit.html
Visit The Above Url
You can directly return the system user account and password without authentication information
The password is MD5 encrypted, crack it
Let’s visit this
http://xxx.com/user_login.html
Enter the account password we obtained, in order to check whether the login can be successful
Enter account: admin123
Password: admin123
You can see that the website was successfully logged in