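Update 4.29: this vulnerability has been reported, but the vendor does not seem to intend to fix it…
Mitigation for users: bind an e-mail address. This vulnerability targets users who have not bound one.
With the whole world fighting the pandemic, everyone is dutifully staying home, taking online classes and doing online homework. Ever since I cracked the video progress and the multiple-choice questions on Yunbanke (云班课) and Xuexitong (学习通) last time, I can't help poking around a little whenever I do online homework.
Although this vulnerability can reset an account's password, it is fairly simple, so I'll just write it up briefly.
In the account security section, I found three functions: link phone, link e-mail, and change password.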

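Interestingly, changing the password and replacing the bound e-mail both require verifying the current password, but binding an e-mail when none is bound lacks that verification. Since nobody cares much about these online course platforms, people naturally don't bother to bind an e-mail, yet the bound e-mail can be used to reset the account's password. As a result, this is essentially an arbitrary account password reset.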


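Everything so far is only conjecture, so let's verify it. I entered my e-mail address and captured the request.

As you can see, the only parameter submitted in the POST is the e-mail address I entered, but the Cookie holds many values whose purpose I couldn't determine. I later verified it myself, and it is indeed a CSRF, but testing against myself isn't enough, so I asked a friend to help with the verification. The PoC is shown in the figure below.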


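I uploaded it to an idle VPS and sent the link. My friend clicked the link, and then it was my turn.
On the user login page, click "recover password" and enter the e-mail account.

Click "reset password"; the mailbox receives a password reset link.

Click the link and reset the password.

After that, I logged in successfully.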
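
The checks that the bind-e-mail request described above was missing, sketched server-side as an added example (not code from the original post or from the platform); the handler name, field names, origin and session layout are all assumptions. It goes slightly beyond the post by also keeping the new address pending until its owner confirms it.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)       # assumed per-deployment secret
TRUSTED_ORIGIN = "https://course.example"  # placeholder, not the real platform


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def new_session(password):
    """Constructed sample: a logged-in user with no e-mail bound yet."""
    salt = secrets.token_bytes(16)
    return {"id": secrets.token_hex(16), "salt": salt,
            "pw_hash": hash_password(password, salt), "email": None}


def csrf_token_for(session_id):
    """Token tied to the session; a page on another origin cannot read it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def bind_email(session, headers, form):
    """Hypothetical 'bind e-mail' handler; returns (status, reason)."""
    # 1. The session cookie is sent automatically, so it proves nothing by
    #    itself: require a same-origin request carrying the session's token.
    if headers.get("Origin") != TRUSTED_ORIGIN:
        return 403, "bad origin"
    token = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(token, csrf_token_for(session["id"]).encode()):
        return 403, "bad csrf token"
    # 2. Re-authenticate, as change-password and change-e-mail already do.
    supplied = hash_password(form.get("current_password", ""), session["salt"])
    if not hmac.compare_digest(supplied, session["pw_hash"]):
        return 401, "current password required"
    email = form.get("email", "")
    if "@" not in email:
        return 400, "invalid e-mail"
    # 3. Keep the address pending until its owner confirms it by mail.
    session["pending_email"] = email
    session["confirm_code"] = secrets.token_urlsafe(16)
    return 202, "confirmation mail sent"


if __name__ == "__main__":
    s = new_session("correct horse")
    forged = bind_email(s, {"Origin": "https://other.example"},
                        {"email": "someone@other.example"})
    print(forged, s["email"])  # forged cross-site POST is rejected
```
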
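Conclusion
Is students' information not information? Is students' privacy not privacy? Garbage platform…
7.22: reproduced successfully; it indeed still hasn't been fixed, hahahaha
Haha, keep your accounts safe
What kind of file format is that PoC?
The PoC is a piece of JavaScript embedded in HTML.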