LJCMS V1.11, demo URL (http://demo.8cms.com/index.php?c=guestbook): the user login box accepts sign-in attempts without a verification code and reports when the user does not exist, which makes it easier for remote attackers to hijack accounts via a brute-force approach.
Vulnerability Type: Logical vulnerability
Vendor of Product: http://www.8cms.com/
Affected Product Version: LJCMS V1.11
Affected Component: the affected page is http://demo.8cms.com/index.php?c=guestbook
\u8d26\u53f7\u4e0d\u5b58\u5728 = Account does not exist
\u5bc6\u7801\u9519\u8bef = Wrong password
Capture the login request in Burp and send the current request to the Intruder module. Mark the "username" parameter as the position used to traverse account names, select a dictionary of account names, and start the attack.
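A sketch of the server-side fix for the two weaknesses reported above (separate "account does not exist" and "wrong password" responses, and no limit on login attempts). This is an added example, not LJCMS code; the `LoginGuard` class, the thresholds and the per-client keying are assumptions.

```python
import hashlib
import hmac
import os
import time

GENERIC_ERROR = "Invalid username or password"    # same text for both failure causes
THROTTLED_ERROR = "Too many attempts, try again later"
MAX_FAILURES = 5       # assumed threshold per client
WINDOW_SECONDS = 300   # assumed sliding window


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LoginGuard:
    def __init__(self, users, clock=time.monotonic):
        self.users = users        # {username: (salt, pbkdf2 hash)}
        self.clock = clock
        self.failures = {}        # client address -> failure timestamps
        # Random record checked for unknown usernames so they cost the same work.
        self.dummy = (os.urandom(16), os.urandom(32))

    def throttled(self, client):
        now = self.clock()
        recent = [t for t in self.failures.get(client, [])
                  if now - t < WINDOW_SECONDS]
        self.failures[client] = recent
        return len(recent) >= MAX_FAILURES

    def login(self, client, username, password):
        if self.throttled(client):
            return (False, THROTTLED_ERROR)
        salt, stored = self.users.get(username, self.dummy)
        matches = hmac.compare_digest(hash_password(password, salt), stored)
        if matches and username in self.users:
            self.failures.pop(client, None)
            return (True, "OK")
        # Unknown account and wrong password are indistinguishable to the caller.
        self.failures[client].append(self.clock())
        return (False, GENERIC_ERROR)
```

Throttling here is keyed on the client address only; a deployment would normally add a CAPTCHA or a per-account limit after repeated failures as well.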