### 简要描述:
cmseasy后台暴力破解验证码绕过
### 详细说明:
cmseasy
[<img src="https://images.seebug.org/upload/201411/12190133c1b88885077168e182fc08cf9735fbe7.jpg" alt="选区_095.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/12190133c1b88885077168e182fc08cf9735fbe7.jpg)
后台登陆请求为:
submit=%E6%8F%90%E4%BA%A4&username=admin&password=admin123§156§&expire=&verify=7v111e7&submit=+%E7%99%BB+%E9%99%86+
清空cookie,服务端就不会验证验证码了。导致暴力破解后台。
[<img src="https://images.seebug.org/upload/201411/1219031871edaf258a859b6b5c645ae78b8a33db.jpg" alt="选区_097.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/1219031871edaf258a859b6b5c645ae78b8a33db.jpg)
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201411/1219031871edaf258a859b6b5c645ae78b8a33db.jpg" alt="选区_097.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201411/1219031871edaf258a859b6b5c645ae78b8a33db.jpg)
京公网安备 11010502034610号
暂无评论