There are CSRF vulnerabilities in Subrion CMS because of a code logic error. Although the check function is set in the program, its location does not appear to be correct in ia.core.php.
_forgeryCheck() should be executed first and then _executeModule().
For example, we can use this vulnerability to get a webshell. First, we create an HTML page which can simulate the function of the SQL tool.
When the administrator visits the page, even though it will echo "Request treated as a potential CSRF attack.", the SQL statement has been executed and the webshell has been created.
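
The ordering problem reported above, as an added example that is not part of the original issue and is not Subrion's code: a minimal dispatcher showing that a forgery check placed after module execution still prints the rejection message while the state change has already happened. The class, method and field names are hypothetical stand-ins; only the rejection message is taken from the report.

```php
<?php
// Added illustration, not Subrion code; every name here is hypothetical.
final class CsrfRejected extends RuntimeException {}

final class Dispatcher
{
    /** @var string[] stands in for state changes a module makes (e.g. DB writes) */
    public array $sideEffects = [];

    public function __construct(private string $sessionToken) {}

    // Stand-in for the forgery check: constant-time token comparison.
    private function forgeryCheck(array $request): void
    {
        $sent = $request['token'] ?? '';
        if (!is_string($sent) || !hash_equals($this->sessionToken, $sent)) {
            throw new CsrfRejected('Request treated as a potential CSRF attack.');
        }
    }

    // Stand-in for a state-changing module action.
    private function executeModule(array $request): void
    {
        $this->sideEffects[] = $request['action'];
    }

    // Order reported in the issue: the module runs, then the check rejects.
    public function handleCheckLast(array $request): void
    {
        $this->executeModule($request);
        $this->forgeryCheck($request);
    }

    // Order the issue asks for: reject before any state changes.
    public function handleCheckFirst(array $request): void
    {
        $this->forgeryCheck($request);
        $this->executeModule($request);
    }
}
// Constructed request: arrives in an authenticated session but carries no token.
$forged = ['action' => 'state-changing-action'];
foreach (['handleCheckLast', 'handleCheckFirst'] as $handler) {
    $d = new Dispatcher(bin2hex(random_bytes(16)));
    try {
        $d->$handler($forged);
    } catch (CsrfRejected $e) {
        printf("%s: %s side effects = %d\n", $handler, $e->getMessage(), count($d->sideEffects));
    }
}
```

Both handlers raise the same rejection, so the response alone does not distinguish them; only the check-first order leaves the side-effect list empty. A regression test for the fix should assert on stored state after a rejected request, not on the error message.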