| Title | SKyTech HuiRan(XinKa) Host Reseller System <=2.0.0 Authentication Bypass |
|---|
| Description | The vulnerability in the HuiRan(XinKa) Host Reseller System allows an attacker to reset the password of any user account without authorization. By manipulating the 'voucher' session variable through a series of crafted POST requests to the application's 'sendyzms', 'sendyzm', and 'findpass' endpoints, the attacker can bypass the normal password reset code verification process and change a user's password to one of their choosing, effectively taking over the account. The exploit hinges on the system's failure to properly validate and segregate user session data during the password reset process. |
|---|
| Source | ⚠️ https://note.zhaoj.in/share/WwPWWizD2Spk |
|---|
| User | glzjin (UID 59815) |
|---|
| Submission | 01/01/2024 12:15 (2 years ago) |
|---|
| Moderation | 01/01/2024 16:41 (4 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 249444 [HuiRan Host Reseller System up to 2.0.0 HTTP POST Request findpass?do=4 password recovery] |
|---|
| Points | 20 |
|---|