| عنوان | lceCMS /login v 2.0.1 逻辑缺陷漏洞 |
|---|
| الوصف | IceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logic flaw, and there is a functional logic vulnerability in the background administrator login (/login). The designers used a slider captcha to prevent an attacker from blasting the user's password. But after we capture the packet, we can still blast to get the administrator password! Harm: Cause us to enter the background and obtain some sensitive information of the website! |
|---|
| المصدر | ⚠️ http://x.x.x.x:8082/IceCMS2.html |
|---|
| المستخدم | YuJiu (UID 59194) |
|---|
| ارسال | 03/12/2023 06:29 PM (3 سنوات منذ) |
|---|
| الاعتدال | 13/12/2023 08:40 AM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 247884 [Thecosy IceCMS 2.0.1 Captcha /login الكشف عن المعلومات] |
|---|
| النقاط | 17 |
|---|