- Log in to the website background using the website default password admin/admin
- Visit the csrf attack website,Add an administrator user
- The user was successfully created but could not log in. There was a problem with the system code. The created users could not log in. After checking the code, we found that the stored password was not the password we entered, but the 6th to 25th digits of the value encrypted by cmd5.
4.Attack content
- The user who created it has a security authentication string for protection, but it does not seem to verify whether it matches the authentication string in the page.
- The websites used in this test have not been attacked, and the test users have been deleted.
-
Notifications
You must be signed in to change notification settings - Fork 0
cai-niao98/Dedecmsv6
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
About
Dedecmsv6
Resources
Stars
Watchers
Forks
Releases
No releases published
Packages 0
No packages published