Open ghost opened 7 years ago
/admin/loginc.php
```php
include '../config.php';
if (!session_id()) {
    session_start();
}
$res = $db->select('setting', array('name' => 'admin'));
if ($_POST['password'] == $res[0]['value'] && strtolower($_POST['captcha']) == strtolower($_SESSION['captcha']['code'])) {
    // Login succeeds, but the session id issued before authentication is kept as-is.
    $_SESSION['alogin'] = true;
    header('Location: index.php');
} else {
    header('Location: login.php?err=1');
}
```
Like the session fixation vulnerability in /loginc.php, the system does not regenerate a new session_id after the admin has successfully logged in, which could lead to admin account takeover with the help of any XSS vulnerability in the same domain.
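A hardened version of the handler, added here as an example and not the project's own code; it assumes the same `$db->select()` helper, `setting` table and `$_SESSION['captcha']['code']` layout as the snippet in the report:

```php
<?php
// Added example (not the project's code): regenerate the session id on successful
// login so an id that existed before authentication is never promoted to an admin
// session. Assumes the $db->select() helper and session layout from the report.
include '../config.php';

if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

$res = $db->select('setting', array('name' => 'admin'));
$storedPassword = isset($res[0]['value']) ? (string) $res[0]['value'] : '';
$givenPassword  = isset($_POST['password']) ? (string) $_POST['password'] : '';
$givenCaptcha   = isset($_POST['captcha']) ? strtolower((string) $_POST['captcha']) : '';
$storedCaptcha  = isset($_SESSION['captcha']['code'])
    ? strtolower((string) $_SESSION['captcha']['code']) : '';

// Strict, constant-time string comparisons instead of the loose == used originally.
$passwordOk = $storedPassword !== '' && hash_equals($storedPassword, $givenPassword);
$captchaOk  = $storedCaptcha !== '' && hash_equals($storedCaptcha, $givenCaptcha);

// A captcha code is single-use: drop it whether or not this attempt succeeds.
unset($_SESSION['captcha']);

if ($passwordOk && $captchaOk) {
    // The fix for the reported issue: issue a fresh session id and delete the old
    // session data, so a pre-login id known to a third party is no longer valid.
    session_regenerate_id(true);
    $_SESSION['alogin'] = true;
    header('Location: index.php');
} else {
    header('Location: login.php?err=1');
}
exit;
```

To confirm the fix, compare the session cookie value the browser holds before and after a successful login: it must change, and the old value must no longer resolve to an authenticated session.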