ZCMS 1.3 final backend authentication bypass vulnerability and fix
Brief description:
Logic error in the SSO.jsp file
Details:
Logic error in SSO.jsp: the single sign-on token is an MD5 over the username, the supplied time value and a key that is hard-coded in the JSP itself. Anyone who has read the source can compute a valid s for any username (including the administrator) and is logged in without a password; the time value is never checked for freshness.
String username = request.getParameter("u");
String time = request.getParameter("t");
String str = request.getParameter("s");
// Secret is hard-coded in the JSP, so anyone who reads the source can forge tokens.
String key = "WIU";
// Unkeyed MD5 over attacker-controlled input plus the fixed key;
// "time" is never compared with the server clock, so tokens never expire.
String s = StringUtil.md5Hex(username + time + key);
if (s.equals(str)) {
    // Any username is accepted, including the administrator account.
    Login.ssoLogin(request, response, username);
}
Proof of vulnerability:
tnt1200