2024-03-09 10:47:53 +00:00
id : chanjet-tplus-unauth-passreset
2024-02-28 04:17:17 +00:00
info :
2024-03-09 10:47:53 +00:00
name : Chanjet Tplus - Unauthorized Password Reset
2024-02-28 04:17:17 +00:00
author : 0xr2r
severity : high
2024-03-06 09:12:01 +00:00
description : |
There is an unauthorized administrator password modification vulnerability in UF Chanjet T+ RecoverPassword.aspx. An attacker can use this vulnerability to modify the administrator account password to log in to the backend.
2024-02-28 04:17:17 +00:00
reference :
- https://cn-sec.com/archives/1377207.html
- https://www.chanjet.com
metadata :
2024-03-11 07:05:49 +00:00
max-request : 2
2024-02-28 04:17:17 +00:00
verified : true
2024-03-11 07:05:49 +00:00
fofa-query : app="畅捷通-TPlus"
2024-03-09 10:47:53 +00:00
tags : tplus,unauth,chanjet
2024-02-28 04:28:47 +00:00
2024-02-28 04:17:17 +00:00
http :
2024-03-09 10:47:53 +00:00
- method : GET
2024-02-28 04:17:17 +00:00
path :
2024-03-09 10:47:53 +00:00
- "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method={{randbase(6)}}"
2024-02-28 04:17:17 +00:00
- "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method=SetNewPwd"
matchers :
2024-02-28 04:28:47 +00:00
- type : dsl
dsl :
2024-03-09 10:47:53 +00:00
- "contains(body_1, 'tplus”应用程序中的服务器错误')"
- "!contains(body_2, '>请重新登录')"
condition : and
2024-03-11 07:17:17 +00:00
# digest: 4a0a004730450220196561bdf0315ff002edd2dc6b8f06301ec41ce768ac8d6c35924d431022b2cf022100f055d89d18959e389d8e5737f54ba35089dc0756d78b21a2a0358d536f1ab8ed:922c64590222798bb761d5b6d8e72950