These days, the black multi-PHPWIND 1.3.6 forum is black, is not paying attention to safety, the patch has been released very early, but everyone didn't pay attention to me, how to use the vulnerability, is not a professional, said Outside the door, everyone can understand FAQ.php? Skin = .. / .. / admin / manager & tpath = admin Use this, everyone can learn something = .. / .. / admin / manager & tplpath = Yes What do you mean, Skin English is also very direct admin. This is not to say, the administrator opens, you can see the admin account name and MD5 password, unpigled forums use FAQ.php to achieve the first purpose Admin ID is the username, huh, it is actually not checked, directly look at the forum can also know if someone is not too annoyed, it is estimated that it will slowly break your MD5 password, some people will have fun
BECAUSE OF
He Wanna Get Your Passwordfaq.php? Skin = .. / .. / admin / manager & username = admin & password = pass & check_pwd = pass & action = Go knows above, this I want to know, it is to change the password Username = admin // admin is The administrator's account, you want to change others, huh, huh password = pass // pass is of course password, no doubt that check_pwd = pass // This is said to be nonsense Action = GO // Go Go Go Fire In The Hole, we have achieved our ultimate destination. People who have changed their passwords. People who have been tested. I will use this vulnerability to pass the treasure horses. I don't have much to say. I will teach bad friends (in fact, I will not) huh, then . . . As a result, everyone knows
