DedecmsV5.7 SP2 Front-End Arbitrary User Password Change Vulnerability

From PwnWiki
Revision as of 10:36, 10 April 2021 by Pwnwiki

Exploitation

On the password recovery page, click the option to recover the password via the security question.

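Fill in the form and capture the request, change id and userid to those of the account whose password is to be reset, add the content from the analysis above, and send the request to obtain the password change URL.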

Open that URL and change the password.