Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
myhack58佚名MYHACK58:62201339752
HistoryJul 20, 2013 - 12:00 a.m.

6 0 degrees™ CMS 1.0 background the COOKIE trick and back directly GETWEBSHELL-vulnerability warning-the black bar safety net

2013-07-2000:00:00
佚名
www.myhack58.com
10
JSON

6 0 degrees™ CMS official administrator of a dick. To submit a TICK to. Contact the author, and. The authors confirm, and then TICK the inside ignored. Be a dick and post it out

Official download address:<http://60du.net/index.html&gt;

The core file is: administrator directory under check. asp

|

1

2

3

4

5

6

7

8

9

1 0

1 1

1 2

1 3

1 4

1 5

1 6

1 7

1 8

1 9

2 0

2 1

2 2

2 3

2 4

2 5

|

&lt;%

To determine whether the user login

if session(“cmsname”)=“” and instr(CStr(Request. ServerVariables("SCRIPT_NAME")),site_install&AdminPath&"/login. asp")=0 then`

if request. Cookies("cmsname")="" then //determine cookie cmsname is empty`

response. Redirect(site_install&AdminPath&"/login. asp")`

elseif Session("admin_id") =null then /determine the cookie cmsname is empty`

Response. Write("&lt;script&gt;alert('login timeout!'); parent. location = '"&site_install&AdminPath&"/login. asp';&lt;/script&gt;")`

else`

session("cmsname")=request. Cookies("cmsname") `

session("cmsid")=request. Cookies("cmsid")`

end if`

end if

%&gt;

—|—

[1] [2] next

JSON