There are CSRF vulnerabilities at Subrion CMS because of a code logic error. Although the check function is set in the program, its location does not appear to be correct in ia.core.php.
_forgeryCheck() should be executed first and then _executeModule().
For example, we can use this vulnerability to get a webshell. First, we create an HTML page which can simulate the function of the SQL tool.
When the administrator visits the page, even though it will echo "Request treated as a potential CSRF attack.", the SQL statement has been executed and the webshell has been created.
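The ordering mistake the report describes, as an added example that is not Subrion's code: a minimal PHP dispatcher that runs the module before the token check, beside the corrected order. The function names, the session token and the request are constructed stand-ins, not Subrion's actual APIs.

```php
<?php
// Added example, not Subrion's code: reproduces the ordering bug from the report
// and its fix in a minimal dispatcher. All names here are hypothetical.

const SESSION_TOKEN = 'constructed-session-token';

// Stand-in for _executeModule(): the state-changing action, recorded in $log.
function executeModule(array $request, array &$log): void
{
    $log[] = 'executed: ' . $request['sql'];
}

// Stand-in for _forgeryCheck(): constant-time compare of submitted and session tokens.
function forgeryCheck(array $request): bool
{
    return hash_equals(SESSION_TOKEN, $request['csrf_token'] ?? '');
}

// Vulnerable order: the module runs before the check, so the CSRF message is
// returned only after the side effect has already happened.
function handleVulnerable(array $request, array &$log): string
{
    executeModule($request, $log);
    if (!forgeryCheck($request)) {
        return 'Request treated as a potential CSRF attack.';
    }
    return 'ok';
}

// Fixed order: check first and return before anything state-changing runs.
function handleFixed(array $request, array &$log): string
{
    if (!forgeryCheck($request)) {
        return 'Request treated as a potential CSRF attack.';
    }
    executeModule($request, $log);
    return 'ok';
}

// Constructed request with no token, as a cross-site form post would send it.
$forged = ['sql' => 'UPDATE example SET x = 1', 'csrf_token' => ''];

$log = [];
printf("vulnerable: %s (actions run: %d)\n", handleVulnerable($forged, $log), count($log));
$log = [];
printf("fixed:      %s (actions run: %d)\n", handleFixed($forged, $log), count($log));
```

Both handlers return the same CSRF message for the forged request; only the vulnerable one leaves an entry in the action log, which is the behaviour the report describes.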