Weak encryption (MD5) leads to backstage violent cracking #188

Closed
Jayway007 opened this issue May 16, 2018 · 10 comments

@Jayway007
commented May 16, 2018

A simple MD5 encryption is used in Z-BlogPHP 2.0.0's backstage login page, and it uses single element authentication, resulting in a violent break into the backstage.
POC:
Backstage login page:
Grab data packets to get fields, MD5[admin]=21232f297a57a5a743894a0e4a801fc3
Then load a dictionary for violent cracking:
Access into the backstage of the website:
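The report turns on repeated guesses against a login field that carries an MD5 of the password; the server-side control for that is counting failed attempts. An added example, not part of the original report or of Z-BlogPHP's code: a sliding-window throttle replayed over constructed login attempts. The class, thresholds, client address and stored value are assumptions made for illustration.

```python
import hashlib
import hmac
from collections import defaultdict, deque

def md5_hex(s):
    # Same transform as the login field in the report: MD5[admin]=21232f...
    return hashlib.md5(s.encode()).hexdigest()

class LoginThrottle:
    """Sliding-window failure counter keyed by account and by client address."""
    def __init__(self, max_failures=5, window=300):  # assumed policy values
        self.max_failures, self.window = max_failures, window
        self.failures = defaultdict(deque)

    def _recent(self, key, now):
        q = self.failures[key]
        while q and now - q[0] >= self.window:  # drop failures older than window
            q.popleft()
        return len(q)

    def blocked(self, user, ip, now):
        return any(self._recent(k, now) >= self.max_failures
                   for k in (("user", user), ("ip", ip)))

    def record_failure(self, user, ip, now):
        for k in (("user", user), ("ip", ip)):
            self.failures[k].append(now)

def replay(events, stored, throttle):
    """Return 'ok', 'fail' or 'blocked' for each (time, ip, user, field) attempt."""
    results = []
    for ts, ip, user, field in events:
        if throttle.blocked(user, ip, ts):
            results.append("blocked")  # refused before any comparison
        elif hmac.compare_digest(stored.get(user, ""), field):
            results.append("ok")
        else:
            throttle.record_failure(user, ip, ts)
            results.append("fail")
    return results

# Constructed data; STORED is a simplified stand-in for the server's real check.
STORED = {"admin": md5_hex("constructed-passphrase-for-demo")}
GUESSES = ["admin"] + [f"guess{i}" for i in range(6)]
EVENTS = [(t, "192.0.2.10", "admin", md5_hex(g)) for t, g in enumerate(GUESSES)]
EVENTS.append((7, "192.0.2.10", "admin", STORED["admin"]))    # correct, but locked out
EVENTS.append((400, "192.0.2.10", "admin", STORED["admin"]))  # window has expired

if __name__ == "__main__":
    print(replay(EVENTS, STORED, LoginThrottle()))
```

With the assumed policy of five failures per 300 seconds, the sixth and later attempts in the burst are refused, including the one carrying the correct value, and the login succeeds again only after the window has passed.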

@zsxsoft

Member

commented May 16, 2018

Are you serious?

@secoba


commented May 24, 2018

@iBearcat


commented May 24, 2018

Bro, you're awesome. I'm convinced.

@Lucifer1993


commented May 24, 2018

Spectating.jpg

@c0rpse


commented May 24, 2018

Spectating2.jpg

@pilgrimhk


commented May 24, 2018

Just an onlooker passing through

@AGLcaicai


commented May 24, 2018

What the.... Are you serious?

@c0rpse

This comment has been minimized.

@zsxsoft

Member

commented May 25, 2018

@c0rpse Brilliant

@SukaraLin


commented Sep 1, 2018

Spectating, this is too impressive (too bad I can't post doge.jpg)

@zblogcn zblogcn locked as resolved and limited conversation to collaborators Jan 31, 2019

@zblogcn zblogcn unlocked this conversation Feb 15, 2019
