About the administrator password.
Suppose you have obtained the MD5 of the administrator password (for example through an injection). I am not sure from which version on, but the ECShop administrator password hashing scheme was changed to: $ec_salt = rand(1, 9999); md5(md5($pwd) . $ec_salt). That makes the hash hard to use for anyone who pulled it out through injection; brute-forcing it is hopeless. But the ECShop back-end password retrieval feature gives everyone hope. This bug may have been exploited for a long time. See the code in admin/get_password.php around line 138:
    /* Verify the new password and update the administrator password */
    elseif (!empty($_POST['action']) && $_POST['action'] == 'reset_pwd')
    {
        $new_password = isset($_POST['password']) ? trim($_POST['password']) : '';
        $adminid      = isset($_POST['adminid'])  ? intval($_POST['adminid']) : 0;
        $code         = isset($_POST['code'])     ? trim($_POST['code'])      : '';

        if (empty($new_password) || empty($code) || $adminid == 0)
        {
            ecs_header("Location: privilege.php?act=login\n");
            exit;
        }

        /* Match the code value against the user's original (stored) password hash */
        $sql = "SELECT password FROM " . $ecs->table('admin_user') . " WHERE user_id = '$adminid'";
        $password = $db->getOne($sql);

        // The reset code is nothing more than md5(adminid . stored password hash)
        if (md5($adminid . $password) <> $code)
        {
            // This link is invalid
            $link[0]['text'] = $_LANG['back'];
            $link[0]['href'] = 'privilege.php?act=login';
            sys_msg($_LANG['code_param_error'], 0, $link);
        }

        // Update the administrator's password
        $ec_salt = rand(1, 9999);
        $sql = "UPDATE " . $ecs->table('admin_user') .
               " SET password = '" . md5(md5($new_password) . $ec_salt) . "', ec_salt = '$ec_salt'" .
               " WHERE user_id = '$adminid'";
        $result = $db->query($sql);
    }
As you can see, the whole check is md5($adminid . $password) == $code: whoever can produce that value can reset the password. As mentioned above, both inputs to that md5 (the admin id and the stored password hash) are exactly what someone holding the hash already has, so the code is obvious, and nothing restricts or expires it. Without the hash, brute-force cracking (password dictionary combined with a salt of 1-9999) is still possible: high cost, but it can be automated.
Solution:
Switch to a stronger, unpredictable method of generating the reset code, and add a verification code (CAPTCHA) to the retrieval form.
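One way to rebuild the reset_pwd branch along those lines, as an added example (this is not ECShop's code; it assumes a PDO handle $db and two hypothetical columns, reset_token_hash and reset_token_expires, on admin_user):

```php
<?php
// Added example (not ECShop code). Assumes a PDO connection $db and two
// hypothetical columns on admin_user: reset_token_hash, reset_token_expires.

// Step 1 (when the reset e-mail is requested): issue an unpredictable,
// single-use, short-lived token. Only its hash is stored, so reading the
// table (e.g. via injection) does not yield a usable reset code.
function issue_reset_token(PDO $db, int $adminid, int $ttl = 1800): string
{
    $token = bin2hex(random_bytes(32));   // 256-bit value from the CSPRNG
    $sql = 'UPDATE admin_user SET reset_token_hash = :h, reset_token_expires = :e '
         . 'WHERE user_id = :id';
    $db->prepare($sql)->execute([
        ':h'  => hash('sha256', $token),
        ':e'  => time() + $ttl,
        ':id' => $adminid,
    ]);
    return $token;   // goes into the e-mail link only, never into the database
}

// Step 2 (reset_pwd): constant-time compare, reject expired tokens, burn the
// token on use, and store the new password with a real password hash instead
// of md5(md5($pwd) . $ec_salt).
function reset_with_token(PDO $db, int $adminid, string $code, string $newPassword): bool
{
    $stmt = $db->prepare('SELECT reset_token_hash, reset_token_expires '
                       . 'FROM admin_user WHERE user_id = :id');
    $stmt->execute([':id' => $adminid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['reset_token_hash'] === null
        || (int) $row['reset_token_expires'] < time()) {
        return false;   // no outstanding token, or it has expired
    }
    // hash_equals avoids the timing leak of a plain <> / == comparison
    if (!hash_equals($row['reset_token_hash'], hash('sha256', $code))) {
        return false;
    }
    $sql = 'UPDATE admin_user SET password = :p, reset_token_hash = NULL, '
         . 'reset_token_expires = NULL WHERE user_id = :id';
    $db->prepare($sql)->execute([
        ':p'  => password_hash($newPassword, PASSWORD_DEFAULT),
        ':id' => $adminid,
    ]);
    return true;
}
```

Rate-limiting the request step and adding the CAPTCHA mentioned above still belong in front of issue_reset_token(); the token itself only removes the "code derived from data already in the database" weakness.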