Zoe0427/YJCMS

YJCMS incorrect access control vulnerability

  1. Introduction to YJCMS

YJCMS is developed by Gansu Yunjing Digital Technology Co., Ltd. YJCMS (Cloudscape CMS) is an open source PHP enterprise website building and management system based on ThinkPHP 5.0.24. It follows a minimalist, fast development philosophy, integrates enterprise, tourism and mall modules, and can be extended easily and rapidly with modules and plug-ins, so that developers can build their own applications quickly.

Company's official website: www.eyunjing.cn

Test targets:

1. http://gszhjzx.com/user.html

2. http://lzrzjs.com/user.html

  2. Vulnerability exploitation process

The normal homepage of the website is at:

http://xxx.com/

http://xxx.com/index/user/user_edit.html

Visit the URL above.

The page returns the system user account and password directly, without any authentication.

The password is an MD5 hash; crack it.

Next, visit the login page:

http://xxx.com/user_login.html

Enter the account and password obtained above to check whether the login succeeds.

Account: admin123

Password: admin123

The login to the website succeeds.
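
One way to close both issues shown above, the unauthenticated `user_edit` page and the exposed MD5 password, as an added example in plain PHP. It is not YJCMS or ThinkPHP code; the user table, field names and function names (`userEdit`, `verifyAndUpgrade`) are hypothetical.

```php
<?php
// Added example, not YJCMS code. Constructed user table; field names are assumptions.
$users = [
    7 => ['id' => 7, 'username' => 'demo', 'email' => 'demo@example.test',
          'password' => md5('constructed-password')],   // legacy MD5 column
];

// Hardened handler for a profile-edit page such as /index/user/user_edit.html.
// $session stands in for the server-side session ($_SESSION in a real app).
function userEdit(array $session, array $users): array
{
    // 1. Refuse anonymous requests before touching the user table.
    $uid = $session['user_id'] ?? null;
    if (!is_int($uid) || !isset($users[$uid])) {
        return ['status' => 302, 'location' => '/user_login.html'];
    }
    // 2. Load only the caller's own row: the id comes from the session,
    //    never from a request parameter.
    $row = $users[$uid];
    // 3. The password column never leaves the server.
    unset($row['password']);
    return ['status' => 200, 'body' => $row];
}

// Login check that accepts a legacy MD5 hash and upgrades it to password_hash().
function verifyAndUpgrade(array &$user, string $password): bool
{
    $stored = $user['password'];
    $isLegacy = (bool) preg_match('/^[0-9a-f]{32}$/', $stored);
    $ok = $isLegacy
        ? hash_equals($stored, md5($password))      // constant-time compare
        : password_verify($password, $stored);
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $user['password'] = password_hash($password, PASSWORD_DEFAULT);
    }
    return $ok;
}

var_dump(userEdit([], $users));                  // request with no session
var_dump(userEdit(['user_id' => 7], $users));    // authenticated caller
var_dump(verifyAndUpgrade($users[7], 'constructed-password'));
var_dump(password_get_info($users[7]['password'])['algoName']);
```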
