There is login bypass in doracms

[dontblame]

There is login bypass in doracms2.18 and earlier versions. When logging in, you can bypass the login user authentication by replacing the return package with the return package after a system successfully logs in. [Vulnerability proof] Step 1:Log in to the system through the default account doracms and record the returned package. Step 2:Use this return package to log in to other doracms systems. Step 3:Successfully bypassed login to enter the system.

[xiahao90]

这个poc怎么写哦，怎么生成个长时间的admin_doracms与admin_doracms.sgi