Authentication Vulnerability

The vulnerable code is in mc-admin/post.php.

There is a lot going on in this file, but most of it doesn't matter here; let's look at the permission verification.

According to analysis of the source code, the CMS's permission authentication lives in mc-admin/head.php.

That page is included by mc-admin/post.php, but only at line 188.

In other words, the delete operation has already been carried out before the permission verification runs, so the delete can be performed without authorization.

Let's get the ID of the article first.

Constructing a POC:

/mc-admin/post.php?delete=qe54cn&state=delete

Visit the article again and you find that it has been deleted.
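The ordering problem described above can be checked mechanically. The following is an added example, not code from the CMS or from the original write-up: a small Python check that reports request input read before the head.php include. The PHP samples are constructed, and `delete_post()` and `config.php` are hypothetical names.

```python
import re

# Superglobals that carry client-controlled request data.
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# require/include statement with a quoted path; captures the path.
INCLUDE = re.compile(r"\b(?:require|include)(?:_once)?\b[^;]*?['\"]([^'\"]+)['\"]")

# Constructed samples (not the CMS's real code); delete_post() is hypothetical.
VULNERABLE = """<?php
require_once 'config.php';
if (isset($_GET['delete'])) {
    delete_post($_GET['delete']);   // state change happens here
}
// ... rest of the page ...
require 'head.php';                 // permission check arrives too late
"""
HARDENED = """<?php
require 'head.php';                 // permission check runs first
require_once 'config.php';
if (isset($_GET['delete'])) {
    delete_post($_GET['delete']);
}
"""


def strip_comment(line):
    """Drop a trailing // or # comment (simplification: ignores quotes and /* */)."""
    return re.split(r"//|#", line, maxsplit=1)[0]


def auth_include_line(php_source, auth_file="head.php"):
    """Return the 1-based line of the first include of auth_file, or None."""
    for no, line in enumerate(php_source.splitlines(), 1):
        m = INCLUDE.search(strip_comment(line))
        if m and m.group(1).replace("\\", "/").split("/")[-1] == auth_file:
            return no
    return None


def input_before_auth(php_source, auth_file="head.php"):
    """List (line_no, text) of request-input reads located before the auth include."""
    gate = auth_include_line(php_source, auth_file)
    findings = []
    for no, line in enumerate(php_source.splitlines(), 1):
        if gate is not None and no >= gate:
            break  # everything from here on runs after the permission check
        if REQUEST_INPUT.search(strip_comment(line)):
            findings.append((no, line.strip()))
    return findings
```

A file that never includes the auth file has every request-input read reported. The check is line-based and does not follow nested includes or function calls, so treat a finding as a prompt for manual review of the handler order.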

Information Exposure

According to the previous operation, you can see that the path information is leaked. Here, you do not need to log in.