Open the site and register an arbitrary account named root.
Clicking the Manage page returns Sorry,You are not admin!
So we need the admin account, but trying to register it shows that the account has already been registered.
There is a Findpwd interface for resetting a password.
Here is the problem: I don't know the birthday and address of the admin account.
First, try resetting the password of the root account registered earlier.
Here we have to keep capturing the requests.
I tried changing the username to admin and it still succeeded, so the admin account's password was changed.
Logging in as admin and opening the manage interface prompts IP NOT allowed
In Burp Suite, add the header X-Forwarded-For:127.0.0.1
The page then prompts index.php?module=filemanage&do=???
Accessing that URL directly fails and prompts action error
Since the module is filemanage, do should be upload.
That gives the flag directly! Hahaha
Looking at other people's writeups, the admin account in the earlier step is obtained the same way: the root account you registered yourself is used to change admin's password through the unauthorized modification.
Here is another way.
The captured traffic contained user=4b9987ccafacb8d8fc08d22bbca797ba
import hashlib

# MD5 (not SHA-1) of the string "1:admin"
md5 = hashlib.md5()
md5.update("1:admin".encode("utf-8"))
print(md5.hexdigest())
'''
4b9987ccafacb8d8fc08d22bbca797ba
'''
The resulting hash is the same as the value we captured, so this challenge can also be solved by forging the cookie to log in to the admin account.
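
The cookie weakness described above, as an added example that is not part of the original write-up: the unkeyed MD5 value next to an HMAC-signed cookie that cannot be recomputed without the server's key. The function names, the key handling and the uid:username cookie layout (inferred from the "1:admin" string) are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: the cookie layout md5("<uid>:<username>") is inferred from the
# "1:admin" string in the write-up; all function names here are hypothetical.
SERVER_KEY = secrets.token_bytes(32)  # stays on the server, never sent to clients


def weak_cookie(uid: int, username: str) -> str:
    """Unkeyed digest of public values: anyone who knows them can compute it."""
    return hashlib.md5(f"{uid}:{username}".encode("utf-8")).hexdigest()


def issue_cookie(uid: int, username: str, key: bytes = SERVER_KEY) -> str:
    """Hardened form: identity plus an HMAC-SHA256 tag keyed with a server secret."""
    payload = f"{uid}:{username}"
    tag = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    return f"{payload}:{tag}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Return (uid, username) if the tag is valid, otherwise None."""
    try:
        payload, tag = cookie.rsplit(":", 1)
        uid, username = payload.split(":", 1)
        uid = int(uid)
    except ValueError:
        return None  # malformed cookie: missing fields or non-numeric uid
    expected = hmac.new(key, payload.encode("utf-8"), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError
    if not hmac.compare_digest(expected.encode("utf-8"), tag.encode("utf-8")):
        return None
    return uid, username


if __name__ == "__main__":
    # Constructed sample values
    print("weak  :", weak_cookie(1, "admin"))      # derivable by any client
    signed = issue_cookie(5, "root")
    print("signed:", verify_cookie(signed))        # (5, 'root')
    forged = "1:admin:" + signed.rsplit(":", 1)[1]  # identity swapped, tag reused
    print("forged:", verify_cookie(forged))        # None
```

A random, server-stored session ID is the more common fix; the signed cookie is shown because it stays closest to the format the application already uses.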