PHP source code audit: cookie spoofing vulnerability - vulnerability warning - the black bar safety net

2012-02-23T00:00:00
ID MYHACK58:62201233175
Type myhack58
Reporter Anonymous
Modified 2012-02-23T00:00:00

Description

ebycms is a mobile music CMS.

Straight to the code.

in.php under the admin directory:

<?php
require_once('L:/wamp/www//fern.php');
Annotation("L:\\wamp\\www\\eby\\admin\\in.php_0");
define(EBY_IN, TRUE);
define('ADMIN_ROOT', str_replace("\\", "/", dirname(__FILE__)) . "/");
define('EBY_ROOT', dirname(ADMIN_ROOT) . '/');
require_once(EBY_ROOT . 'control/init.php');
// The admin name is read straight from the client-supplied cookie
$AdminCookies = $_COOKIE['admin']['name'];
// The only check: reject the request when the cookie value is empty
if ($AdminCookies == "") {
    exit(showmsg('username or password wrong', 2, 'index.php'));
}
?>

The code only checks whether $AdminCookies is empty; if it is not empty, the request is treated as logged in. The value of $AdminCookies comes from the cookie admin[name].

Modifying the cookie therefore bypasses authentication.
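A hardened form of the check in in.php, as an added example that is not ebycms code or part of the original advisory: login state is kept in the server-side session instead of being inferred from the admin[name] cookie. The function names, session keys, the 900-second idle timeout and the sample account are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not ebycms code. All function, constant and key names are hypothetical.

const ADMIN_IDLE_SECONDS = 900; // assumed idle timeout

/** Verify credentials and record the login in server-side session state. */
function admin_login(array &$session, array $accounts, string $user, string $pass, int $now): bool
{
    $hash = $accounts[$user] ?? null;          // username => password_hash() output
    if ($hash === null || !password_verify($pass, $hash)) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);           // fresh session ID after login
    }
    $session['admin_user'] = $user;
    $session['admin_seen'] = $now;
    return true;
}

/** Gate for admin pages: decides from session state only, never from $_COOKIE['admin']. */
function admin_is_authenticated(array &$session, int $now): bool
{
    if (!isset($session['admin_user'], $session['admin_seen'])) {
        return false;                          // no server-side login record
    }
    if ($now - $session['admin_seen'] > ADMIN_IDLE_SECONDS) {
        $session = [];                         // expired: drop the login
        return false;
    }
    $session['admin_seen'] = $now;             // sliding idle window
    return true;
}

// In in.php the check would become (after session_start()):
//   if (!admin_is_authenticated($_SESSION, time())) { exit(showmsg(...)); }

// Constructed demonstration with in-memory arrays standing in for $_SESSION.
$accounts = ['admin' => password_hash('constructed-pass', PASSWORD_DEFAULT)];
$session  = [];
$cookie   = ['admin' => ['name' => 'anything']];   // client-supplied, never consulted
var_dump(admin_is_authenticated($session, 1000));  // cookie present, no login record
var_dump(admin_login($session, $accounts, 'admin', 'constructed-pass', 1000));
var_dump(admin_is_authenticated($session, 1500));  // within the idle window
var_dump(admin_is_authenticated($session, 3000));  // idle longer than the timeout
```

The gate takes the session array as a parameter so the same functions work with $_SESSION in the application and with plain arrays on the command line.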
