Brief description: only tested DEDECMS V5. 7 system,the previous version of the estimates is the same.
In the official address to be a simple test,should be regarded as a small BUG,using this you can infinite brush an article of the top/tread value.
Detailed description: although the front page did the visitor can only submit a limited, but direct URL access is not limited, as long as the press the F5, while it could be hundreds of thousands。。。。
And dede the official also wood has to do with this aspect of limitation. www.badguest.cn... and You know
Vulnerability to prove: http://www.dedecms.com/plus/feedback.php?aid=1102&action=bad&fid=1 1 0 2
Repair solutions: 对feedback.php file added to determine a single IP submission number and submission time interval limit.
Besides, the change does not change the IP, one IP record-keeping 2 4 hours, The time to clear.