version:1.0
No login required.
View source code admin_verify.php
he judgment is that if the query results of login name and password are not the same, the judgment is that the password or user name is wrong
This is obviously wrong. According to this meaning, you can log in successfully as long as the user name and password are matched
We test that the login name is admin password arbitrary
Login succuss!
suggest:Change this code to
if($name != $row['name'] || $pass != $row['pass']){
author:zionlab@dbappsecurity.com.cn
The text was updated successfully, but these errors were encountered:
version:1.0

No login required.
View source code admin_verify.php
he judgment is that if the query results of login name and password are not the same, the judgment is that the password or user name is wrong
This is obviously wrong. According to this meaning, you can log in successfully as long as the user name and password are matched
We test that the login name is admin password arbitrary

Login succuss!
suggest:Change this code to
if($name != $row['name'] || $pass != $row['pass']){
author:zionlab@dbappsecurity.com.cn
The text was updated successfully, but these errors were encountered: