CMS Live
From Newman's WiKi.
Revision as of 19:07, 14 May 2009 by WikiSysop
CMS Live is a custom-built content management system.
Logging in to the admin panel without a password
Source code hack
To log in to the admin panel you need to know any login and have access to the system's source files. The login can be read from the database, if you have access to it, or guessed. So, we know the login. Open the file include/auth/admin/default.php and find the password check in it
if (md5($_POST_GET["password"] . md5($user_regdate . $_POST_GET["password"])) == $user_password) {
    $user = new User($user_id);
and make the condition always true. For example, like this:
if (true || md5($_POST_GET["password"] . md5($user_regdate . $_POST_GET["password"])) == $user_password) {
Now enter an existing login and any string of characters. We log in successfully and change the password. The hack can now be removed, and we can log in with the login and the password we now know.
Via cookie
Analysis of this fragment from the file include/auth/admin/default.php
if ((isset($_COOKIE["adminname"]))
    && (strlen($_COOKIE["adminname"]) >= $this->options["min_user_login_length"])
    && (isset($_COOKIE["admin_identify"]))
    && (strlen($_COOKIE["admin_identify"]) >= $this->options["min_user_password_length"])) {
    $adminname = $_COOKIE["adminname"];
    $password_hash = $_COOKIE["admin_identify"];
    $db->init_query("SELECT id FROM {prefix}users WHERE name=[name] AND passwd=[password]");
    $db->add_param("name", $adminname, "string");
    $db->add_param("password", $password_hash, "string");
tells us that a successful login requires nothing more than access to the database. Creating the required cookies is not a problem: Firefox with the Web Developer plugin installed lets you do it in a few minutes.
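The fragment above matches the admin_identify cookie directly against the passwd column, so the stored hash is itself a login credential. A hardened counterpart, as an added example that is not CMS Live code (the in-memory session store, function names and TTL are assumptions): the cookie carries a random token and the server keeps only its digest and an expiry time.

```php
<?php
// Added example, not CMS Live code. $sessions stands in for a hypothetical
// admin_sessions table; every name below is an assumption.

const SESSION_TTL = 1800; // seconds an admin session stays valid

// Issue a random token at login. Only its SHA-256 digest is stored, so
// reading the session table does not yield a usable cookie value.
function issue_admin_session(array &$sessions, int $userId, int $now): string
{
    $token = bin2hex(random_bytes(32)); // 64 hex characters from the CSPRNG
    $sessions[hash('sha256', $token)] = [
        'user_id' => $userId,
        'expires' => $now + SESSION_TTL,
    ];
    return $token; // this value, not the password hash, goes into the cookie
}

// Resolve a cookie value to a user id, or null if it is unknown or expired.
function verify_admin_session(array &$sessions, string $cookie, int $now): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookie)) {
        return null; // not the shape of an issued token
    }
    $digest = hash('sha256', $cookie);
    $row = $sessions[$digest] ?? null;
    if ($row === null) {
        return null; // no session with this token
    }
    if ($now >= $row['expires']) {
        unset($sessions[$digest]); // drop the expired session
        return null;
    }
    return $row['user_id'];
}

// Constructed demo data: one session for user id 1 at a fixed clock value.
$sessions = [];
$now = 1700000000;
$token = issue_admin_session($sessions, 1, $now);
$storedDigest = array_key_first($sessions); // what a database reader would see

var_dump(verify_admin_session($sessions, $token, $now + 60));          // the issued token
var_dump(verify_admin_session($sessions, $storedDigest, $now + 60));   // stored digest replayed as a cookie
var_dump(verify_admin_session($sessions, $token, $now + SESSION_TTL)); // the token once expired
```

The token cookie should be set with the Secure, HttpOnly and SameSite attributes, and the session row deleted on logout and on password change.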
Creating modules (plugins)
[Category:Experience]