DedeCMS: visitors can inflate an article's up/down ("top/tread") vote count without limit - vulnerability warning - myhack58

ID MYHACK58:62201132745
Type myhack58
Reporter Anonymous
Modified 2011-12-30T00:00:00


Brief description: only tested on DEDECMS V5.7; earlier versions are presumably the same.

A simple test was run against the official site. This should be regarded as a minor bug: using it, you can inflate an article's up/down ("top/tread") value without limit.

Detailed description: although the front-end page limits how many times a visitor can submit, direct access to the URL is not limited. Just keep pressing F5 and within a short while the count can reach hundreds of thousands...

The official Dede site has not implemented any limit of this kind either. www.badguest.cn... you know.

Proof of vulnerability: http://www.dedecms.com/plus/feedback.php?aid=1102&action=bad&fid=1102


Remediation: add checks to feedback.php that limit the number of submissions from a single IP and enforce a minimum time interval between submissions.

In addition, whether or not the IP changes, keep each IP record for 24 hours and clear it when the time is up.

Author SGKer
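
One way to implement the remediation above is sketched below as an added PHP example; it is not DedeCMS code and not part of the original advisory. It assumes a SQLite store reached through PDO; the table `vote_log`, the function names and the limit values are hypothetical.

```php
<?php
// Added example, not DedeCMS code: table name, function names and limits are assumptions.
const MAX_VOTES = 1;      // assumed: accepted votes per IP per article within the window
const MIN_GAP   = 60;     // assumed: minimum seconds between accepted votes from one IP
const RETENTION = 86400;  // keep each IP record for 24 hours, then clear it

function init_store(PDO $db): void {
    $db->exec('CREATE TABLE IF NOT EXISTS vote_log
               (ip TEXT NOT NULL, aid INTEGER NOT NULL, ts INTEGER NOT NULL)');
    $db->exec('CREATE INDEX IF NOT EXISTS vote_log_ip ON vote_log (ip, aid)');
}

// Records the vote and returns true if it is within limits; returns false otherwise.
function vote_allowed(PDO $db, string $ip, int $aid, int $now): bool {
    $db->exec('BEGIN IMMEDIATE');   // serialise check-and-insert against parallel requests
    try {
        // Expire records older than the 24-hour retention window.
        $db->prepare('DELETE FROM vote_log WHERE ts <= ?')->execute([$now - RETENTION]);

        $q = $db->prepare('SELECT MAX(ts) FROM vote_log WHERE ip = ?');
        $q->execute([$ip]);
        $last = $q->fetchColumn();   // NULL when this IP has no record
        $q = $db->prepare('SELECT COUNT(*) FROM vote_log WHERE ip = ? AND aid = ?');
        $q->execute([$ip, $aid]);
        $count = (int) $q->fetchColumn();

        $ok = $count < MAX_VOTES && ($last === null || $now - (int) $last >= MIN_GAP);
        if ($ok) {
            $db->prepare('INSERT INTO vote_log (ip, aid, ts) VALUES (?, ?, ?)')
               ->execute([$ip, $aid, $now]);
        }
        $db->exec('COMMIT');
        return $ok;
    } catch (Throwable $e) {
        $db->exec('ROLLBACK');
        throw $e;
    }
}

// Constructed demo: one visitor reloading the vote URL. In a request handler the
// address would come from $_SERVER['REMOTE_ADDR'] and the time from time().
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
init_store($db);
$ip = '203.0.113.7';   // documentation-range address, constructed
foreach ([[0, 1102], [1, 1102], [120, 1102], [120, 1103], [86401, 1102]] as [$t, $aid]) {
    printf("t=%5d aid=%d %s\n", $t, $aid, vote_allowed($db, $ip, $aid, $t) ? 'counted' : 'rejected');
}
```

The check belongs on the server, before the vote counter is updated, since the front-end limit is bypassed by requesting the URL directly. Rejected requests are not recorded, so the interval is measured from the last accepted vote.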