# Multiple vulnerabilities in wind-like voice message book v3.2 build 091201
# Download Script: http://down.chinaz.com/soft/22331.htm
# Author: bl4ck
# Contact: bl4ck [4 t] live [dot] cn
# Blog: http://user.qzone.qq.com/271174530
# Dork: No DoRk f0R ScRipT KiDDieS
# Description:
This system is a newly written vulnerability. I will not mention the common injection vulnerabilities.
Today, I only talk about the password Modification Vulnerability, which has been suffering me for a day. As for why you can test it on your own, I will not talk about the test details.
Admin. php code
If ($ do = passmod ){
$ Password = isset ($ _ POST [password])? $ _ POST [password]:;
$ Oldpassword = isset ($ _ POST [oldpassword])? $ _ POST [oldpassword]:;
$ Oldpass = isset ($ _ POST [oldpass])? $ _ POST [oldpass]:;
If (empty ($ oldpassword )){
Forward (the old password cannot be blank !, $ Methd =, $ url = );
}
If (empty ($ password )){
Forward (the new password cannot be blank !, $ Methd =, $ url = );
}
If (md5 ($ oldpassword )! = $ Oldpass ){
Forward (the old password is incorrect !, $ Methd =, $ url = );
}
// Determine whether the password is modified. If the password is modified, md5 encryption is performed. If the password is not modified, the original value is used.
If ($ password = $ oldpassword ){
$ Newpassword = $ oldpass;
} Else {
$ Newpassword = md5 ($ password );
}
$ DB-> query ("update {$ db_prefix} admin set password = $ newpassword where id = 1 ");
Session_destroy ();
// Forward (the password is successfully modified. Please log on again !, $ Methd = href, $ url = admin. php?
Do = manage );
Die ("<script> window. alert (the password is successfully modified. Please log on again
Recorded !); Too many Doc ument. location. href = admin. php? Do = manage; </script> ");
}
?>
All the passwords here are submitted by post, so we can submit them for updates.