Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1 matches found

seebug.org
seebug.orgadded 2015/07/21 12:0 a.m.27 views

iSMCloud平台逻辑缺陷重置任意用户密码(官方账户测试/秒改)

简要描述: 绕过验证码秒改用户密码! 详细说明: 0x1:先用一个用户获取官方的邮箱。 [email protected] 就用这个用户来证明漏洞。 修改这个用户之前,我们先用自己的用户走一边正确的流程,为的就是获取正确的响应码。 获取正确的验证码,响应包返回如下。 "success":true,"msg":"resetpassword.jsp","errors":null,"resultData":null 漏洞证明: 0x2: 随意填入6位的验证码,无需获取验证码,下一步此时截断响应包,修改为正确的响应包。 跳到修改密码的界面,修改密码为wooyun123. 0x3:登陆验证。...

7.1AI score
Exploits0
Rows per page
Query Builder