In addition to logging in through the user name and password, you can also log in through the "col" and "openid" parameters, But these two parameters are completely controllable. That causing any user to login vulnerability
poc:
POST /index.php/user/login
openid=1&col=user_id
Local test results:
The text was updated successfully, but these errors were encountered:
View the login code,
In addition to logging in through the user name and password, you can also log in through the "col" and "openid" parameters, But these two parameters are completely controllable. That causing any user to login vulnerability
poc:
Local test results:
The text was updated successfully, but these errors were encountered: