Enter the interface and register a root account casually Click on Manage page to return Sorry,You are not admin!Need to register with the admin account and find that the account has already been registered Found that there is a Findpwd interface to reset the password The problem is coming. I don’t know the birthday and address of the admin account. First try to change the root account you applied for earlier and change the password. Here we have to keep capturing I tried to change the username to admin and it was still successful, so the password of the admin account here was changed. Log in with admin to enter the manage interface and prompt IP NOT allowed burpsuit add X-Forwarded-For:127.0.0.1Page prompt index.php?module=filemanage&do=???index.php?module=filemanage&do=???Direct access failure prompts action error Since it is filemanage do, it should be upload. Give the flag directly! Hahaha Looking at other people's wp, the previous account is obtained by changing the password of admin by unauthorized modification through the root account registered by yourself. Here is another way There was a user=4b9987ccafacb8d8fc08d22bbca797ba
import hashlib
sha1 = hashlib. md5( )
sha1. update( "1:admin" . encode( 'utf-8' ) )
print ( sha1. hexdigest( ) )
'''
4b9987ccafacb8d8fc08d22bbca797ba
'''
The encrypted result is the same as the one we captured, so this question can also be tricked into logging in to the admin account with a cookie
