phpwind can bypass the verification code to continue the violent crack users, demo demo-a vulnerability warning-the black bar safety net

ID MYHACK58:62201559048
Type myhack58
Reporter 佚名
Modified 2015-02-13T00:00:00


First came to phpwind official website to see, found phpwind has been updated to 9. 0, website is the latest program

! 1. png

Then came the landing place can be seen, the site has CAPTCHA restrictions, sank half)

! 2. png

Then pick an account login see, the input error will find that there are the landing times of the limit of completely feeling hopeless. in.

! 3. png

Here I thought he was sealed to IP, IP to do the limit, but I did not give up Ah, change an account just login found turned out to be the account limit instead of ip core hot half)

! 4. png

Since the landing limit is solved, it would be much easier, the code bypasses the I'm still relatively confident of, first grab a bag to look at it, find the username and password are all transmitted in the clear, and the Code of the package is to be caught

! 5. png

Then look under display.

! 6. png

Then look at the error code in the echo

! 7. png

[1] [2] [3] [4] next