You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I found a arbitrary password reset in teacher/personal.jsp.
When a user modify its information, here is not a check about who it is, and call update_teacher, update database columns just according to id user controlled.
When a hacker modify uid to someone's uid, someone's information and password can be resetted as what hacker wants.
I found a arbitrary password reset in teacher/personal.jsp.




When a user modify its information, here is not a check about who it is, and call update_teacher, update database columns just according to id user controlled.
When a hacker modify uid to someone's uid, someone's information and password can be resetted as what hacker wants.