ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net

Version:ESCMS V1. 0 SP1 Build 1 1 2 5 Background login authentication is through the admin/check. asp achieved,look at the code % if Request. cookiesCookiesKey"ESadmin"="" then 'Note that here Oh,he is by COOKIE validation ESadmin is empty,we can forge a value,called he is not empty 'CookiesKey i...