Tuba rabbit official website any password reset
Rt, no packet capture, no package change ......
Detailed description:
Tuba rabbit has a substation called 'Design copy ',
http://www.shejiben.com
You can see on the official website that,
It shares a set of account data with the official website. If I change the password on this website, will the official website also be down? What is the difference between this and the password reset vulnerability on the master site?
Resetting is started below.
1. register two test accounts on the 'Design copy' first,
Username/mobile phone number: admin3/151 ********* admin2/189 ********
Next, reset the password of the account 151.
2. Enable the password reset function and enter the account name,
And then,
3. Use the account 189 in the same browser to reset the password until the verification code is received,
4. Enter the Verification Code received by the mobile phone 189 on the Reset page of 151 to go To the Reset page,
Reset successfully,
5. log on to 'Design copy' and the official website,
Done!
Proof of vulnerability:
Solution:
You know.