Code Audit: KKCMS CAPTCHA Logic Vulnerability
\kkcms\admin\cms_login.php
The login page checks the CAPTCHA:
and the CAPTCHA is generated in:
\kkcms\system\verifycode.php
:
<?php
session_start();
$image = imagecreate(50, 34);
$bcolor = imagecolorallocate($image, 0, 0, 0);
$fcolor = imagecolorallocate($image, 255, 255, 255);
$str = '0123456789';
$rand_str = '';
for ($i = 0; $i < 4; $i++){
    $k = mt_rand(1, strlen($str));
    $rand_str .= $str[$k - 1];
}
$_SESSION['verifycode'] = $rand_str;
imagefill($image, 0, 0, $bcolor);
imagestring($image, 7, 7, 10, $rand_str, $fcolor);
header('content-type:image/png');
imagepng($image);
?>
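How the login page loads the CAPTCHA image:
$_SESSION['verifycode'] is only overwritten when verifycode.php is requested, so if the JS is not loaded the value of $_SESSION['verifycode']
is retained, which results in a CAPTCHA replay vulnerability: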
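The fix for the replay described above is to make the stored code single-use. The following is an added example, not KKCMS source and not from the original post: both function names are hypothetical, and check_captcha_replayable() is only an assumed model of the behaviour the article describes (the stored value surviving the comparison), not the actual code in cms_login.php.

```php
<?php
// Added example, not KKCMS source. Function names are hypothetical.

// Assumed model of the replayable behaviour: the stored code survives the
// comparison, so it stays valid until verifycode.php is requested again.
function check_captcha_replayable(array &$session, string $submitted): bool
{
    return isset($session['verifycode'])
        && $session['verifycode'] === $submitted;
}

// Hardened check: the stored code is consumed on every attempt, pass or fail,
// so each login attempt needs a freshly generated CAPTCHA.
function check_captcha_once(array &$session, string $submitted): bool
{
    $expected = $session['verifycode'] ?? null;
    unset($session['verifycode']);      // single use: invalidate before comparing

    if (!is_string($expected) || $expected === '' || $submitted === '') {
        return false;                   // no CAPTCHA issued, or already consumed
    }
    return hash_equals($expected, $submitted);
}

// Constructed sample: one session in which the generator stored "4821" once,
// followed by three login attempts that never request a new image.
function run_attempts(callable $check): array
{
    $session = ['verifycode' => '4821'];
    $results = [];
    foreach (['4821', '4821', '4821'] as $submitted) {
        $results[] = $check($session, $submitted);
    }
    return $results;
}

// Print the per-attempt result of each check for comparison.
foreach (['check_captcha_replayable', 'check_captcha_once'] as $fn) {
    echo $fn, ': ', json_encode(run_attempts($fn)), PHP_EOL;
}
```

In a login handler the hardened check would be called with $_SESSION as the first argument, before the username and password are evaluated.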
In stillness, reflect; in reflection, imagine.
------------------------------------------------------------------------------------
mail: 779783493@qq.com