CVE-2020-18078: vul/back_password_reset.md at master · cve-vul/vul
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account’s password.
Background administrator password reset vulnerability
The vulnerability is in /include/web_check.php
In line 54 of the file, three variables are checked for being empty; test_input and verify_str check whether the string contains SQL or XSS keywords. We ignore them here.
In line 60 of the file:
$query=$db_conn->query("select * from sc_user where user_email='".$umail."' and user_rzm='".$urzm."'");
The validity of $umail and $urzm is verified by a database query. Moreover, $urzm is generated by the random number call rand(10,10000) and written to the database in line 29.
Finally, the verification code is obtained by brute-forcing it directly with the Burp tool.
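
A hardened counterpart to the reset-code flow described above, as an added example that is not SEMCMS code: rand(10,10000) can produce at most 9,991 distinct values, so the sketch draws the code from the CSPRNG, stores only its hash, expires it, and burns it after a few wrong guesses. The `users` table, its column names, the two limits and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example (not SEMCMS code): hardened issue/verify for a password-reset code.
// Table layout, column names and limits are assumptions for illustration.
const RESET_TTL = 900;       // code is valid for 15 minutes
const RESET_MAX_TRIES = 5;   // wrong guesses allowed before the code is burned

function issueResetCode(PDO $db, string $email): string {
    // 128 bits from the CSPRNG instead of rand(10,10000).
    $code = bin2hex(random_bytes(16));
    $stmt = $db->prepare('UPDATE users SET rz_hash = ?, rz_expires = ?, rz_tries = 0 WHERE email = ?');
    // Store only a hash so a database leak does not expose a usable code.
    $stmt->execute([hash('sha256', $code), time() + RESET_TTL, $email]);
    return $code; // delivered to the mailbox owner only, never echoed to the requester
}

function verifyResetCode(PDO $db, string $email, string $code): bool {
    // Prepared statements keep $email and $code out of the SQL text.
    $stmt = $db->prepare('SELECT rz_hash, rz_expires, rz_tries FROM users WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || $row['rz_hash'] === null) return false;
    $clear = $db->prepare('UPDATE users SET rz_hash = NULL WHERE email = ?');
    if ($row['rz_tries'] >= RESET_MAX_TRIES || time() > $row['rz_expires']) {
        $clear->execute([$email]); // burned or expired: a new code must be requested
        return false;
    }
    if (!hash_equals($row['rz_hash'], hash('sha256', $code))) {
        // Count the failed attempt so guessing cannot continue indefinitely.
        $db->prepare('UPDATE users SET rz_tries = rz_tries + 1 WHERE email = ?')->execute([$email]);
        return false;
    }
    $clear->execute([$email]);     // single use
    return true;
}

// Constructed demo data on an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (email TEXT PRIMARY KEY, rz_hash TEXT, rz_expires INTEGER, rz_tries INTEGER DEFAULT 0)');
$db->exec("INSERT INTO users (email) VALUES ('admin@example.test')");

$code = issueResetCode($db, 'admin@example.test');
for ($i = 0; $i < 6; $i++) {       // six wrong guesses, one more than RESET_MAX_TRIES
    var_dump(verifyResetCode($db, 'admin@example.test', (string) (10 + $i)));
}
var_dump(verifyResetCode($db, 'admin@example.test', $code)); // the real code, tried after the lockout
```

The attempt counter here is per account; a per-source-IP rate limit in front of the endpoint complements it.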