MacCMS bug notes
unauthenticated account takeover
Short version: /api.php/user/get_detail can return user_pwd and user_random to a guest. Together with the username and user id, that is enough to rebuild the user_check cookie and have MacCMS treat the requester as that frontend user.
The script checks this without touching the login endpoint. It fetches the public detail response, calculates the cookie locally, and asks /api.php/auth/me whether the forged cookie is accepted.
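For verifying a fix, the check below audits a response body captured from /api.php/user/get_detail without a session and reports where user_pwd or user_random still appear, at any nesting depth. It is an added example, not the script mentioned above and not MacCMS code; the response envelope (code/msg/info), the user_name key and the sample values are constructed assumptions.

```python
import json

# Fields the note says must never reach a guest: together with the username and
# user id they are enough to rebuild the user_check cookie.
SECRET_FIELDS = {"user_pwd", "user_random"}


def find_secret_fields(node, path="$"):
    """Return JSON paths of every non-empty secret field, at any nesting depth."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key.lower() in SECRET_FIELDS and value not in (None, ""):
                hits.append(child)
            hits.extend(find_secret_fields(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_secret_fields(item, f"{path}[{i}]"))
    return hits


def redact(node):
    """Return a copy with the secret fields dropped (what a guest should receive)."""
    if isinstance(node, dict):
        return {k: redact(v) for k, v in node.items() if k.lower() not in SECRET_FIELDS}
    if isinstance(node, list):
        return [redact(v) for v in node]
    return node


def audit_guest_response(body):
    """Audit one response body that was captured without any session cookie."""
    try:
        data = json.loads(body)
    except json.JSONDecodeError:
        return {"parsed": False, "leaks": []}
    return {"parsed": True, "leaks": find_secret_fields(data)}


# Constructed sample body; the envelope and every value here are assumptions.
SAMPLE_GUEST_BODY = json.dumps({
    "code": 1, "msg": "ok",
    "info": {"user_id": 7, "user_name": "alice",
             "user_pwd": "<constructed-hash>", "user_random": "<constructed-random>"},
})

if __name__ == "__main__":
    print(audit_guest_response(SAMPLE_GUEST_BODY))
    print(redact(json.loads(SAMPLE_GUEST_BODY)))
```

A patched instance should produce an empty leaks list for guest requests; redact() shows the shape the endpoint should emit once the two fields are dropped server-side.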
