Simple-Log 1.2 delay injection vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201129209
Type myhack58
Reporter 佚名
Modified 2011-02-18T00:00:00


Vulnerability file: /user.php


Continue to follow isset_member a function of usage. The interception of the part of the code. /includes/base.function.php


Not a deeper layer of the call, lest everyone see the mess. As long as the POST submitted in the admin +injected into the statement to make it true. Because admin is the administrator name that the average person is not going to change. So in the end is true. post submission, we manufacture a form is OK. Here I also do not send EXP. Made a also get working one by one. Required tools and... Because of hand trouble, I didn't go to test, who to test after return.