There is login bypass in doracms #256
Comments
How do I write this PoC? How do I generate a long-lived admin_doracms and admin_doracms.sgi?
There is a login bypass in doracms 2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the return package with the return package after a system successfully logs in.
[Vulnerability proof]
Step 1: Log in to the system through the default account doracms and record the returned package.
Step 2: Use this return package to log in to other doracms systems.
Step 3: Successfully bypassed login to enter the system.