### 简要描述:
wdcp_v2.5.10 文件无访问验证直接建立数据库账户
### 详细说明:
wdcp_v2.5.10 文件无访问验证mysql/add_user.php直接建立账户 截断修改数据包 挂载默认数据库 获得后台账户密码
[<img src="https://images.seebug.org/upload/201410/081111149ca11b7cf3b424f0b226d99d409de1ef.png" alt="linux.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/081111149ca11b7cf3b424f0b226d99d409de1ef.png)
[<img src="https://images.seebug.org/upload/201410/050107591d0b4787f9f5a354d76086651cf5927e.jpg" alt="QQ截图20141005010705.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/050107591d0b4787f9f5a354d76086651cf5927e.jpg)
### 漏洞证明:
http://www.pclow.com:8080/mysql/add_user.php
[<img src="https://images.seebug.org/upload/201410/05011133b77fd231623c5bf506956c574dbe1bed.jpg" alt="QQ图片20141005011012.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/05011133b77fd231623c5bf506956c574dbe1bed.jpg)
京公网安备 11010502034610号
暂无评论