However, the bypass method is simpler than the previous one: http://www.bkjia.com/article/201308/239930.html --! Vulnerability file/admin/privilege. php
Elseif ($ _ REQUEST ['ac'] = 'signature') {if (! Empty ($ _ SESSION ['captcha _ word']) & (intval ($ _ CFG ['captcha ']) & CAPTCHA_ADMIN) {include_once (ROOT_PATH. 'shortdes/cls_captcha.php ');/* check whether the verification code is correct */$ validator = new captcha (); if (! Empty ($ _ POST ['captcha ']) &! $ Validator-> check_word ($ _ POST ['captcha ']) {// There is a serious logical error, that is to say, if I do not post the verification code, I can not check the verification code sys_msg ($ _ LANG ['captcha _ error'], 1 );}} $ _ POST ['username'] = isset ($ _ POST ['username'])? Trim ($ _ POST ['username']): ''; $ _ POST ['Password'] = isset ($ _ POST ['Password'])? Trim ($ _ POST ['Password']): '';
...... Proof:
The same http://www.bkjia.com/Article/201308/239930.html just does not need to submit the captcha Field
Solution:
Captcha does not exist. The system prompts that the verification code does not exist.