Closed ghost closed 7 years ago
/admin/loginc.php
```php
<?php
include '../config.php';
if (!session_id()) {
    session_start();
}
$res = $db->select('setting', array('name' => 'admin'));
// Vulnerable check: when the captcha image was never requested,
// $_SESSION['captcha']['code'] is unset (null), strtolower(null) is '',
// and an empty captcha field compares equal to it.
if ($_POST['password'] == $res[0]['value'] && strtolower($_POST['captcha']) == strtolower($_SESSION['captcha']['code'])) {
    $_SESSION['alogin'] = true;
    header('Location: index.php');
} else {
    header('Location: login.php?err=1');
}
```
Note that $_SESSION['captcha']['code'] is set in /captcha/simple-php-captcha.php. To bypass the captcha verification, we simply need to leave $_POST['captcha'] empty, making sure that there was no previous request to /captcha/simple-php-captcha.php.
How to fix:
- if ($_POST['password'] == $res[0]['value'] && strtolower($_POST['captcha']) == strtolower($_SESSION['captcha']['code'])) { + if ($_POST['password'] == $res[0]['value'] && isset($_SESSION['captcha']['code']) && strtolower($_POST['captcha']) == strtolower($_SESSION['captcha']['code'])) {
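Review bot: the added isset() only covers the missing session captcha; $_POST['captcha'] and $_POST['password'] are still read unguarded, and the captcha code stays in the session after the comparison, so one fetched image can be replayed for unlimited password guesses within the same session. Suggest adding `isset($_POST['captcha'], $_POST['password'])` to the same condition and calling `unset($_SESSION['captcha'])` right after the comparison, whatever its outcome. Both comparisons also remain loose `==`; `hash_equals()` on the two lowercased strings (and on the password) avoids PHP's numeric-string coercion and compares in constant time.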
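To make the bypass and the fix reproducible without the application, here is an added example (not code from the project or from this issue's reporter) that models the condition in /admin/loginc.php as functions over plain arrays standing in for $_POST and $_SESSION. The function names, the admin password and the request values are assumptions made for illustration. It demonstrates that the original condition admits a request whose captcha field is empty when the session holds no captcha, and that a hardened check rejects it; the hardened version goes beyond the patch above by also requiring the POST fields, consuming the captcha after one attempt, and using strict constant-time comparison.

```php
<?php
// Added example, not code from the project on this page: the captcha check
// of /admin/loginc.php rewritten as functions over plain arrays standing in
// for $_POST and $_SESSION, so it runs from the php CLI with no web server,
// database or session handler. Function names, the admin password and the
// request values below are assumptions made for illustration.

// The original condition, behaviour preserved. With no earlier request to
// /captcha/simple-php-captcha.php the session carries no captcha, the lookup
// yields null, strtolower(null) is '' (the (string) cast mirrors PHP's
// implicit conversion), and an empty captcha field compares equal to it.
function login_allowed_vulnerable(array $post, array $session, string $adminPassword): bool
{
    $code = $session['captcha']['code'] ?? null;
    return ($post['password'] ?? null) == $adminPassword
        && strtolower((string) ($post['captcha'] ?? null)) == strtolower((string) $code);
}

// Hardened version. Beyond the isset() of the reported fix it also requires
// the POST fields themselves, consumes the captcha so each image is valid
// for exactly one attempt, and uses strict constant-time comparison (the
// last two points are additions of this example, not part of the patch).
function login_allowed_fixed(array $post, array &$session, string $adminPassword): bool
{
    if (!isset($session['captcha']['code']) || !isset($post['captcha'], $post['password'])) {
        return false;
    }
    $expected = strtolower((string) $session['captcha']['code']);
    $given    = strtolower((string) $post['captcha']);
    unset($session['captcha']);   // single use, regardless of the outcome

    return $expected !== ''
        && hash_equals($expected, $given)
        && hash_equals($adminPassword, (string) $post['password']);
}

$adminPassword = 's3cret';   // constructed stand-in for the 'admin' row of the setting table

// Constructed attacker request: the password guess happens to be right, the
// captcha field is present but empty, and the captcha generator was never
// visited, so the session holds no captcha at all. The vulnerable check
// admits this login without any captcha having been solved.
$attacker     = ['password' => 's3cret', 'captcha' => ''];
$freshSession = [];
var_dump(login_allowed_vulnerable($attacker, $freshSession, $adminPassword));
var_dump(login_allowed_fixed($attacker, $freshSession, $adminPassword));

// Constructed legitimate request after the captcha image was fetched and
// solved. The second call reuses the same session, where the code has
// already been consumed by the first call.
$primedSession = ['captcha' => ['code' => 'Ab12']];
$honest        = ['password' => 's3cret', 'captcha' => 'ab12'];
var_dump(login_allowed_fixed($honest, $primedSession, $adminPassword));
var_dump(login_allowed_fixed($honest, $primedSession, $adminPassword));
```

Run it with the php CLI; the first var_dump is the bypass from this issue, the second shows the hardened check refusing the same request, and the last two show a solved captcha being accepted once and then rejected on replay.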
Fixed in 255b44c