1. Set up the H system environment locally, log in as the administrator, and use Burp Suite to obtain the administrator's cookie.
2. Find a target_ip on the Internet where the H system is installed, and visit http://target_ip:5005/index. The result is as follows:
3. Use Burp Suite to intercept the request packet for http://target_ip:5005/index, and replace the cookie in the request packet with the cookie obtained locally in step 1.
4. The response interface is as follows (you can log in successfully).
hackAK97 changed the title from "Fixed cookie leads to unauthorized administrator login" to "Fixed cookie directing admin to unauthorized login" on Apr 11, 2022
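The steps above work only if the administrator cookie depends on nothing unique to one installation. The following is an added example, not code from the H system or from the reporter: it contrasts a cookie derived from a value shipped with every copy against one bound to a per-installation key and a server-side session record. How the H system actually builds its cookie is not shown in the report; `SHIPPED_KEY`, `Install` and every other name here are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a constructed key that ships identically in every copy.
SHIPPED_KEY = b"constructed-default-key"

def sign(key: bytes, value: str) -> str:
    """Return 'value.mac', where mac is HMAC-SHA256 of value under key."""
    mac = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return f"{value}.{mac}"

def verify(key: bytes, cookie: str) -> bool:
    """Recompute the cookie from its value part and compare in constant time."""
    value, _, _ = cookie.rpartition(".")
    return hmac.compare_digest(sign(key, value), cookie)

class Install:
    """One deployment; hardened=False models the fixed-cookie behaviour."""

    def __init__(self, hardened: bool):
        # Hardened: the key is generated on first start, unique per install.
        self.key = secrets.token_bytes(32) if hardened else SHIPPED_KEY
        self.hardened = hardened
        self.sessions = set()  # server-side record of sessions issued here

    def login(self, user: str) -> str:
        if not self.hardened:
            return sign(self.key, user)  # identical value on every install
        sid = secrets.token_urlsafe(32)  # fresh random ID for each login
        self.sessions.add(sid)
        return sign(self.key, sid)

    def accepts(self, cookie: str) -> bool:
        if not verify(self.key, cookie):
            return False
        value = cookie.rpartition(".")[0]
        # Hardened: the session must also have been issued by this install.
        return (not self.hardened) or value in self.sessions

    def logout(self, cookie: str) -> None:
        self.sessions.discard(cookie.rpartition(".")[0])

def replay_across_installs(hardened: bool):
    """Log in on one install, then present that cookie to a second one."""
    local, remote = Install(hardened), Install(hardened)
    cookie = local.login("admin")
    return local.accepts(cookie), remote.accepts(cookie)
```

With `hardened=False` both installs accept the same cookie; with `hardened=True` only the issuing install accepts it, and only until logout.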