VULHUB ™

### 简要描述： PageAdmin CSRF漏洞可修改用户密码 ### 详细说明： 密码修改功能没有做任何的校验： [<img src="https://images.seebug.org/upload/201410/2017091382d850d7d6f02dcfa8c503bb7adaf605.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/2017091382d850d7d6f02dcfa8c503bb7adaf605.png) [<img src="https://images.seebug.org/upload/201410/201709382e73b060fca3184f96277055fb375993.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/201709382e73b060fca3184f96277055fb375993.png) [<img src="https://images.seebug.org/upload/201410/20170947867a92e7231b11212298696c9653bffb.png" alt="13.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/20170947867a92e7231b11212298696c9653bffb.png) [<img src="https://images.seebug.org/upload/201410/2017095590f22b2dea1eb01c12e641bf7826f09b.jpg" alt="14.jpg" width="600"...

### 简要描述： PageAdmin CSRF漏洞可修改用户密码 ### 详细说明： 密码修改功能没有做任何的校验： [<img src="https://images.seebug.org/upload/201410/2017091382d850d7d6f02dcfa8c503bb7adaf605.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/2017091382d850d7d6f02dcfa8c503bb7adaf605.png) [<img src="https://images.seebug.org/upload/201410/201709382e73b060fca3184f96277055fb375993.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/201709382e73b060fca3184f96277055fb375993.png) [<img src="https://images.seebug.org/upload/201410/20170947867a92e7231b11212298696c9653bffb.png" alt="13.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/20170947867a92e7231b11212298696c9653bffb.png) [<img src="https://images.seebug.org/upload/201410/2017095590f22b2dea1eb01c12e641bf7826f09b.jpg" alt="14.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/2017095590f22b2dea1eb01c12e641bf7826f09b.jpg) [<img src="https://images.seebug.org/upload/201410/20171005ee35cd750448953280c5381247dd5e62.png" alt="15.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/20171005ee35cd750448953280c5381247dd5e62.png) ### 漏洞证明： 密码修改功能没有做任何的校验： [<img src="https://images.seebug.org/upload/201410/2017091382d850d7d6f02dcfa8c503bb7adaf605.png" alt="11.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/2017091382d850d7d6f02dcfa8c503bb7adaf605.png) [<img src="https://images.seebug.org/upload/201410/201709382e73b060fca3184f96277055fb375993.png" alt="12.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/201709382e73b060fca3184f96277055fb375993.png) [<img src="https://images.seebug.org/upload/201410/20170947867a92e7231b11212298696c9653bffb.png" alt="13.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/20170947867a92e7231b11212298696c9653bffb.png) [<img src="https://images.seebug.org/upload/201410/2017095590f22b2dea1eb01c12e641bf7826f09b.jpg" alt="14.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/2017095590f22b2dea1eb01c12e641bf7826f09b.jpg) [<img src="https://images.seebug.org/upload/201410/20171005ee35cd750448953280c5381247dd5e62.png" alt="15.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201410/20171005ee35cd750448953280c5381247dd5e62.png)