anquanfuwu changed the title from "There is a CSRF vulnerability that can be used to modify administrator accounts to get system privileges." to "CSRF vulnerability that can be used to modify administrator accounts to get system privileges." on Nov 9, 2018
When any administrator is logged in and opens it, the password is modified to 123456. If it is a simple username, such as admin, root, etc., you can get system privileges.
exp.html:
<script>history.pushState('', '', '/')</script>
After landing, perform SQL function.

Get system privileges

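A server-side check that would reject the forged password change described in this issue, as an added example that is not part of the original report or the project's code. The origin `https://cms.example`, the form field names and the session layout are assumptions.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example"   # assumed origin of the admin panel
SERVER_KEY = secrets.token_bytes(32)  # per-deployment secret, never sent to clients

def csrf_token(session_id):
    """Token bound to one session; embedded as a hidden field in the real form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def same_origin(headers):
    """Accept only requests whose Origin (or Referer) is the site itself."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False  # fail closed when the browser sent neither header
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN

def check_password_change(method, headers, form, session):
    """Decide whether an admin password-change request may proceed."""
    if method != "POST":
        return False, "state change must use POST"
    if not same_origin(headers):
        return False, "cross-site request"
    sent = form.get("csrf_token", "")
    if not hmac.compare_digest(sent.encode(), csrf_token(session["id"]).encode()):
        return False, "missing or wrong CSRF token"
    # Re-authentication: a forged request cannot know the current password.
    current = hash_password(form.get("current_password", ""), session["salt"])
    if not hmac.compare_digest(current, session["pw_hash"]):
        return False, "current password required"
    return True, "ok"

def demo():
    """Constructed requests: the forged cross-site POST, then the genuine form."""
    salt = b"constructed-salt"
    session = {"id": "sess-1", "salt": salt, "pw_hash": hash_password("old-pw", salt)}
    forged = check_password_change(
        "POST", {"Origin": "https://evil.example"}, {"password": "123456"}, session)
    genuine = check_password_change(
        "POST", {"Origin": SITE_ORIGIN},
        {"csrf_token": csrf_token("sess-1"), "current_password": "old-pw",
         "password": "n3w"}, session)
    return forged, genuine
```

Each of the three checks fails the forged request on its own; stacking them means a gap in one (for example a browser that omits `Origin`) does not reopen the password change.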