TinyRise: email spoofing allows resetting any user's password, plus a back-end SQL injection

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

TinyRise: email spoofing allows resetting any user's password, plus a back-end SQL injection

### Details:

simple.php:

```php
public function forget_act(){
    $email = Filter::sql(Req::args('email'));
    $model = $this->model->table('user');
    // WHERE clause built by string concatenation
    $obj = $model->where("email = '".$email."'")->find();
    if(!empty($obj)){
        $model = $this->model->table('reset_password');
        $obj = $model->where("email = '".$email."'")->find();
        $safecode = md5(md5($email).md5(CHash::random(32)));
        if(!empty($obj)){
            $obj['safecode'] = $safecode;
            $model->data($obj)->update();
        }
        else{
            $model->data(array('email'=>$email,'safecode'=>$safecode))->add();
        }
        // reset link containing the safecode
        $url = Url::getHost().Url::urlFormat("/simple/reset_password/safecode/$safecode");
        $html = '';
        $html .='<p>亲爱的用户:</p>';
        $html .='<p>感谢您注册'.$this->site_name.',请点击以下链接重置您的密码。<br/><br/>';
        $html .="<a href='{$url}' target='_blank'>{$url}</a><br/><br/>";
        $html .='愿您在'.$this->site_name.'度过愉快的时光。<br/><br/>';
        $html .="<a href='".Url::getHost().Url::urlFormat('/')."'>".$this->site_name."</a></p>";
        // the mail body, with the reset link, is written to the HTTP response and
        // execution stops here, before the Mail object below is ever used
        echo $html;
        exit;
        $mail = new Mail();
        $flag =...
```
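As an added example (not TinyRise's code), here is how the same handler can be written without the two defects visible in forget_act(): the reset link is only ever delivered by mail and never echoed to the requester, and the database access uses parameterised queries instead of concatenating the submitted address into the WHERE clause. It uses plain PDO rather than TinyRise's model layer; `$pdo`, `$sendMail`, `$host` and the `expires_at` column are assumptions.

```php
<?php
// Added example, not TinyRise code. Assumes a PDO connection $pdo, a mailer
// callable $sendMail(string $to, string $html), the site origin in $host, and
// a reset_password table with columns (email, safecode, expires_at).
function forget_act_hardened(PDO $pdo, callable $sendMail, string $email, string $host): string
{
    // Same response whether or not the address exists, so the endpoint does
    // not reveal which addresses are registered.
    $generic = 'If that address is registered, a reset link has been sent.';

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return $generic;
    }

    // Parameterised lookup replaces "email = '".$email."'" string building.
    $stmt = $pdo->prepare('SELECT id FROM user WHERE email = :email');
    $stmt->execute([':email' => $email]);
    if ($stmt->fetch() === false) {
        return $generic;
    }

    // Token from the CSPRNG; only its hash is stored, so a leak of the table
    // contents does not yield a usable link. The token also expires.
    $token     = bin2hex(random_bytes(32));
    $tokenHash = hash('sha256', $token);
    $expires   = (new DateTimeImmutable('+1 hour'))->format('Y-m-d H:i:s');

    $pdo->prepare('DELETE FROM reset_password WHERE email = :email')
        ->execute([':email' => $email]);
    $pdo->prepare('INSERT INTO reset_password (email, safecode, expires_at)
                   VALUES (:email, :hash, :exp)')
        ->execute([':email' => $email, ':hash' => $tokenHash, ':exp' => $expires]);

    // The link goes into the e-mail only. Unlike the original, nothing
    // containing the token is written to the HTTP response.
    $url  = $host . '/simple/reset_password/safecode/' . $token;
    $html = '<p>Click the link to reset your password: <a href="'
          . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">'
          . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '</a></p>';
    $sendMail($email, $html);

    return $generic;
}
```

The matching reset endpoint would then look up `hash('sha256', $safecode)` with a parameterised query and reject rows whose `expires_at` has passed.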

No Exp or PoC available yet
Currently 0 affected product entries