This repository has been archived by the owner on Jan 10, 2019. It is now read-only.
There is a ulnerability that User credentials are sent in clear text(admin/index.php) #58
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Steps to Reproduce
1、the backstage address
http://127.0.0.1/DiliCMS-develop-3.x/admin/index.php
2、login and use BurpSuite to intercepte packets,and then we can see the User credentials are transmitted over an unencrypted channel
The text was updated successfully, but these errors were encountered: