Verification code reuse logic vulnerability
http://www.zzcms.net/about/download.html
ZZCMS <= 2023 (latest)
Has vendor confirmed or acknowledged the vulnerability? No
Remote
Information Disclosure
File: /inc/function.php
Line: 938
Vulnerable Code:
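function checkyzm($yzm){
    // On mismatch, $_SESSION["yzm_math"] is not reset and the message discloses it. Message in English:
    // "Wrong answer to the verification question! You entered <input>, the expected value is <expected>"
    if($yzm!=$_SESSION["yzm_math"]){
        showmsg("验证问题答案错误!你输入的是".$yzm."期待值是".$_SESSION["yzm_math"],'back');
    }
}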
The vulnerability affects the login and comment functionalities of the application (it can be tested at /user/login.html). When captcha validation fails, the correct captcha value remains unchanged, and the error message reveals the expected captcha value. With this information, attackers can perform brute-force attacks that bypass the captcha protection, potentially gaining unauthorized access to user accounts or submitting malicious comments.
ZZCMS 2023 contains a vulnerability in the captcha reuse logic located in /inc/function.php. The checkyzm function does not properly refresh the captcha value after a failed validation attempt. As a result, an attacker can exploit this flaw by repeatedly submitting the same incorrect captcha response, allowing them to capture the correct captcha value through error messages. This vulnerability can lead to unauthorized access through brute-force attacks on login and comment functionalities, as the correct captcha value is exposed and can be reused.
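A hardened form of the check described above, as an added example that is not ZZCMS code or a vendor patch. The function name checkyzm_hardened and the array standing in for $_SESSION are assumptions; the "yzm_math" key is the one shown in /inc/function.php.

```php
<?php
// Added example, not ZZCMS code. checkyzm_hardened() is a hypothetical name;
// "yzm_math" is the session key used by checkyzm() in /inc/function.php.

/**
 * Verify a captcha answer so that each issued challenge can be checked once.
 * Returns true on a match and never reveals the expected value.
 */
function checkyzm_hardened(array &$session, $answer): bool
{
    // Take the expected value out of the session before comparing, so the
    // challenge is consumed whether the answer is right or wrong.
    $expected = $session["yzm_math"] ?? null;
    unset($session["yzm_math"]);

    // No challenge issued (or already consumed), or a non-scalar input: reject.
    if ($expected === null || !is_scalar($answer)) {
        return false;
    }

    // Strict, constant-time string comparison instead of the loose "!=".
    return hash_equals((string)$expected, (string)$answer);
}

// Constructed demo: a plain array stands in for $_SESSION.
$session = ["yzm_math" => "7"];

// A wrong answer is rejected and the stored challenge is discarded.
var_dump(checkyzm_hardened($session, "3"));
var_dump(isset($session["yzm_math"]));

// The old correct answer can no longer be replayed against the same session.
var_dump(checkyzm_hardened($session, "7"));

// Only a freshly issued challenge can be answered.
$session["yzm_math"] = "12";
var_dump(checkyzm_hardened($session, "12"));
```

In the application the caller would pass $_SESSION and, on a false return, show a generic failure message that contains neither the expected value nor any hint about it, then render a new captcha.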
GKDf1sh