VULHUB ™

### 简要描述： 没有对用户名进行处理 POST提交报错没有处理异常信息 ### 详细说明： [<img src="https://images.seebug.org/upload/201401/141424056165f71e0530c56a79bcb3ee512a3be5.png" alt="QQ截图2014011.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141424056165f71e0530c56a79bcb3ee512a3be5.png) [<img src="https://images.seebug.org/upload/201401/141424153e3de55ff981f72e2452c654f97a9cd4.png" alt="QQ截图201401141422.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141424153e3de55ff981f72e2452c654f97a9cd4.png) [<img src="https://images.seebug.org/upload/201401/141425098feaf905794ea063b061140c6ebf8f4a.png" alt="QQ截图20140114142438.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141425098feaf905794ea063b061140c6ebf8f4a.png) 直接找到POST提交语句 扔到工具去跑 [<img src="https://images.seebug.org/upload/201401/141426219b0a2f9bbfb8487d3b7722034c0fdfa9.png" alt="QQ截图20140114142609.png" width="600"...

### 简要描述： 没有对用户名进行处理 POST提交报错没有处理异常信息 ### 详细说明： [<img src="https://images.seebug.org/upload/201401/141424056165f71e0530c56a79bcb3ee512a3be5.png" alt="QQ截图2014011.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141424056165f71e0530c56a79bcb3ee512a3be5.png) [<img src="https://images.seebug.org/upload/201401/141424153e3de55ff981f72e2452c654f97a9cd4.png" alt="QQ截图201401141422.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141424153e3de55ff981f72e2452c654f97a9cd4.png) [<img src="https://images.seebug.org/upload/201401/141425098feaf905794ea063b061140c6ebf8f4a.png" alt="QQ截图20140114142438.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141425098feaf905794ea063b061140c6ebf8f4a.png) 直接找到POST提交语句 扔到工具去跑 [<img src="https://images.seebug.org/upload/201401/141426219b0a2f9bbfb8487d3b7722034c0fdfa9.png" alt="QQ截图20140114142609.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141426219b0a2f9bbfb8487d3b7722034c0fdfa9.png) 赤果果的SA hash啊 数据库各种表 没时间了 就不继续了 ### 漏洞证明： http://ht.52xinyou.cn/user/findpass.html [<img src="https://images.seebug.org/upload/201401/141424056165f71e0530c56a79bcb3ee512a3be5.png" alt="QQ截图2014011.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141424056165f71e0530c56a79bcb3ee512a3be5.png) [<img src="https://images.seebug.org/upload/201401/141424153e3de55ff981f72e2452c654f97a9cd4.png" alt="QQ截图201401141422.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141424153e3de55ff981f72e2452c654f97a9cd4.png) [<img src="https://images.seebug.org/upload/201401/141425098feaf905794ea063b061140c6ebf8f4a.png" alt="QQ截图20140114142438.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141425098feaf905794ea063b061140c6ebf8f4a.png) 直接找到POST提交语句 扔到工具去跑 [<img src="https://images.seebug.org/upload/201401/141426219b0a2f9bbfb8487d3b7722034c0fdfa9.png" alt="QQ截图20140114142609.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/141426219b0a2f9bbfb8487d3b7722034c0fdfa9.png) 赤果果的SA hash啊 数据库各种表 没时间了 就不继续了