Bluecms_v1.6
Download
http://lp.downcode.com/j_14/j_14745_bluecms.rar
Vulnerable code:
In admin/login.php, line 21:

In line 22 of the login code in admin/login.php, the admin_name parameter is not filtered, which lets a malicious user log in with any password (a "universal password") through wide-byte injection.

As shown in the figure, the Content-Type in the response header tells us that the encoding is gb2312. Because single quotation marks are escaped (gpc), wide-byte injection is used here.

The payload is:
admin_name=1%df'%20or%201=1%23&admin_pwd=1&submit=%B5%C7%C2%BC&act=do_login
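
Why byte-wise quote escaping fails here, and a stricter input check, as an added example (not BlueCMS code). It assumes the database connection reads the query as GBK; the function names and the allowlist are hypothetical.

```python
import re
from urllib.parse import unquote_to_bytes

# admin_name value from the payload above, URL-decoded to raw bytes.
PAGE_ADMIN_NAME = unquote_to_bytes("1%df'%20or%201=1%23")
ESCAPED = b"'\"\\\x00"  # bytes a gpc/addslashes-style filter prefixes with "\"
# Hypothetical allowlist for a login name (assumption, not BlueCMS's rule).
ALLOWED = re.compile(r"[A-Za-z0-9_\u4e00-\u9fff]{1,32}")

def addslashes_bytes(raw: bytes) -> bytes:
    """Byte-wise escaping that knows nothing about multibyte characters."""
    out = bytearray()
    for b in raw:
        if b in ESCAPED:
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def has_unescaped_quote(text: str) -> bool:
    """Scan as a SQL string parser would: a backslash consumes the next char."""
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2
        elif text[i] == "'":
            return True
        else:
            i += 1
    return False

def quote_survives_escaping(raw: bytes, charset: str = "gbk") -> bool:
    """Escape byte-wise, then read the result in the connection charset."""
    return has_unescaped_quote(addslashes_bytes(raw).decode(charset, "replace"))

def validate_admin_name(raw: bytes, charset: str = "gbk"):
    """Hardened input check: strict decode first, then allowlist the characters."""
    try:
        name = raw.decode(charset, "strict")
    except UnicodeDecodeError:
        return None  # malformed multibyte sequence such as 0xDF 0x27
    return name if ALLOWED.fullmatch(name) else None

if __name__ == "__main__":
    print("quote survives under gbk:    ", quote_survives_escaping(PAGE_ADMIN_NAME))
    print("quote survives under latin-1:", quote_survives_escaping(PAGE_ADMIN_NAME, "latin-1"))
    print("validated payload name:      ", validate_admin_name(PAGE_ADMIN_NAME))
    print("validated 'admin':           ", validate_admin_name(b"admin"))
```

Input validation narrows the exposure; the durable fix in the login query itself is a parameterized statement, with the connection charset set through the database driver instead of relying on escaping.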