WEEDCMS management system background of weak passwords+ - sensitive information disclosure-vulnerability warning-the black bar safety net

ID MYHACK58:62201338283
Type myhack58
Reporter 佚名
Modified 2013-04-13T00:00:00


Brief description:

Through access to vulnerability files can get the user name account and password.

But the background presence of the Universal password.

Detailed description:

Visit: http://www.xxxx.com/install.lock

You can get the administrator account and password information, the password is sha1 encrypted.

后台 地址 http://www.xxxx.com/admin.php

Then use the Universal password can smoothly enter.

Vulnerability to prove:




Repair solutions:

This I would not have said.