New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Weak encryption(MD5) leads to backstage violent cracking #188
Comments
|
你认真的? |
|
秀 |
|
兄dei ,你牛逼,我服。 |
|
围观.jpg |
|
围观2.jpg |
|
吃瓜群众路过 |
|
What the....Are you serious? |
|
@c0rpse 绝了 |
|
围观,tql了(可惜没办法发狗头.jpg) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A simple MD5 encryption is used in Z-BlogPHP 2.0.0's backstage login page,and it uses single element authentication,resulting in a violent break into the backstage.




POC:
Backstage login page:
Grab data packets to get fields,
MD5[admin]=21232f297a57a5a743894a0e4a801fc3Then load a dictionary for violent cracking:
Access into the backstage of the website:
The text was updated successfully, but these errors were encountered: