Vulnerability file: /user.php
Continue to follow isset_member a function of usage. The interception of the part of the code. /includes/base.function.php
Not a deeper layer of the call, lest everyone see the mess. As long as the POST submitted in the admin +injected into the statement to make it true. Because admin is the administrator name that the average person is not going to change. So in the end is true. post submission, we manufacture a form is OK. Here I also do not send EXP. Made a also get working one by one. Required tools and... Because of hand trouble, I didn't go to test, who to test after return.