aspcms任意用户密码重置

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: aspcms会员中心的某些页面,对用户的验证存在缺陷,修改cookie后提交即可重置任意用户的帐号信息。 ### 详细说明: ``` 'member/reg.asp dim action : action=getform("action","get") if action = "reg" then addUser() elseif action = "editpass" then editUser() else echoContent() end if '第3-10行 接受一个get请求,如果action为editpass时候执行editUser过程 Sub editUser dim LoginName,userPass,reuserPass,Email,Mobile,Address,PostCode,Gender,QQ,TrueName,Phone LoginName=trim(rCookie("loginName")) userPass=getForm("userPass","post") reuserPass=getForm("reuserPass","post") Email=filterPara(getForm("Email","post")) Mobile=filterPara(getForm("Mobile","post")) Address=filterPara(getForm("Address","post")) PostCode=filterPara(getForm("PostCode","post")) Gender=filterPara(getForm("Gender","post")) QQ=filterPara(getForm("QQ","post")) TrueName=filterPara(getForm("TrueName","post")) Phone=filterPara(getForm("Phone","post")) if userPass<>reuserPass then alertMsgAndGo "两次输入密码不相同","-1" dim passStr if not isnul(userPass) then...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息