织梦前台任意用户密码修改

Basic Fields

SSV ID:
SSV-97074
Find Time:
2018-01-10
Submit Time:
2018-01-10
Level:
Category:
其他类型
Component:
DedeCMS
Author:
Unknown
Submitter:
Knownsec
CVE-ID:
Add
CNNVD-ID:
Add
CNVD-ID:
Add
ZoomEye Dork:
Add

Source

Detail

Contributor Got  0KB
Loading icon
have 0  exchange

PoC

Unavailable PoC

Reference Linking

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Popularity 5067
Need to bind phone before comment. Bind Now

All Comments (1)

  • 补充下, 得到临时验证码后 通过 http://localhost/member/resetpassword.php?dopost=getpasswd&id=1 进行密码的重置 id=1 这个是你要修改的前台用户的id
    • busishen
      补充的很好, 这是利用key的地方
    1F

※Any content provided by this site, only to learn the code and services, not for illegal purposes