| Title | SKyTech HuiRan(XinKa) Host Reseller System <=2.0.0 Authentication Bypass |
|---|
| Description | The vulnerability in the HuiRan(XinKa) Host Reseller System allows an attacker to reset the password of any user account without authorization. By manipulating the 'voucher' session variable through a series of crafted POST requests to the application's 'sendyzms', 'sendyzm', and 'findpass' endpoints, the attacker can bypass the normal password reset code verification process and change a user's password to one of their choosing, effectively taking over the account. The exploit hinges on the system's failure to properly validate and segregate user session data during the password reset process. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/WwPWWizD2Spk |
|---|
| User | glzjin (ID 59815) |
|---|
| Submission | 2024-01-01 12:15 (5 months ago) |
|---|
| Moderation | 2024-01-01 16:41 (4 hours later) |
|---|
| Status | Przyjęty |
|---|
| VulDB Entry | 249444 |
|---|