Here is CSRF POC test.html: Log in and click the link in test.html, modify the parameter of delete and users will delete the .dat file in the specified directory at last.
The text was updated successfully, but these errors were encountered:
youki992
changed the title
There are two CSRF vulnerabilities that can lead to deleting local .dat files
There is CSRF vulnerabilities that can lead to deleting local .dat files
Jun 11, 2022
Software Link : https://github.com/bg5sbk/MiniCMS After the installation is complete, log in as administrator, open the page
In post.php, user can delete any local .dat files without filter
Create 1.dat in the parent directory
To delete 1.dat, the url is like http://127.0.0.1:80/MiniCMS-master/mc-admin/post.php?delete=../1&state=delete&date=&tag=
Also you can delete any .dat file like local google chrome file
http://127.0.0.1:80/MiniCMS-master/mc-admin/page.php?delete=../../../../../../../../opt/google/chrome/icudtl&state=delete&date=&tag=
Here is CSRF POC test.html: Log in and click the link in test.html, modify the parameter of delete and users will delete the .dat file in the specified directory at last.
The text was updated successfully, but these errors were encountered: