### 简要描述:
ThinkSNS设计缺陷导致信息泄漏,弱密码害人害自。
### 详细说明:
问题发生在
/public/memcache.php
```
define('ADMIN_USERNAME','admin'); // Admin Username
define('ADMIN_PASSWORD','admin'); // Admin Password
```
开源程序不带这么玩儿的!
### 漏洞证明:
http://demo.thinksns.com/t3/public/memcache.php
admin
admin
[<img src="https://images.seebug.org/upload/201312/0616044296e7b6fbcc777732fa172e1d7f156344.jpg" alt="thinksns_mc_1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/0616044296e7b6fbcc777732fa172e1d7f156344.jpg)
[<img src="https://images.seebug.org/upload/201312/06160455036b8c8ca4fca60fedc150263d98e4f3.jpg" alt="thinksns_mc_2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201312/06160455036b8c8ca4fca60fedc150263d98e4f3.jpg)
京公网安备 11010502034610号
暂无评论