Description
One: use CSRF vulnerability to delete pictures
Vulnerability details:
When the administrator is logged in, opening the crafted web page automatically deletes the specified image.
Vulnerability URL: http://127.0.0.1/pluck/admin.php?action=images
Vulnerability POC:
Two: use CSRF vulnerability to delete themes
Vulnerability details:
When the administrator is logged in, opening the crafted web page automatically deletes the specified theme.
Vulnerability URL: http://127.0.0.1/pluck/admin.php?action=theme
Vulnerability POC:
Three: use CSRF vulnerability to remove the module
Vulnerability details:
When the administrator is logged in, opening the crafted web page automatically deletes the specified module.
Vulnerability URL: http://127.0.0.1/pluck/admin.php?action=modules
Vulnerability POC:
Four: use CSRF vulnerability to delete articles
Vulnerability details:
When the administrator is logged in, opening the crafted web page automatically deletes the specified article (page).
Vulnerability URL: http://127.0.0.1/pluck/admin.php?action=page
Vulnerability POC:
Suggested fixes:
One: Validate every state-changing submission with a Referer/Origin check, an anti-CSRF token tied to the session, or a verification code (CAPTCHA).
Two: Use POST rather than GET for all operations that modify or delete data, so that a plain link or image tag cannot trigger them.
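The following is an added example of the two suggested fixes combined in one guard; it is not Pluck's own code. It assumes a hypothetical admin.php handling ?action=page with a POST body, a session already started by the login code, and the site origin http://127.0.0.1 from the report. The check refuses anything that is not a POST, anything whose Origin (or, failing that, Referer) is not the site itself, and anything whose submitted token does not match the session token in a constant-time comparison.

```php
<?php
// Added example (not Pluck's own code): CSRF guard for a destructive admin action.
// Hypothetical wiring: admin.php?action=page with a POST body; session already started.
declare(strict_types=1);

// Issue one random token per session; call when rendering the admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every form that modifies or deletes data.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only for a same-origin POST carrying the session token.
// Method, headers and POST body are passed in (not read from superglobals)
// so the function can be exercised in isolation. $site_origin e.g. "http://127.0.0.1".
function csrf_request_ok(
    string $method, array $headers, array $post, string $session_token, string $site_origin
): bool {
    // 1. Destructive actions must be POST: an <img src> or a link cannot send one.
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    // 2. Origin, or Referer as a fallback, must match the site. A missing header fails.
    $origin = $headers['Origin'] ?? null;
    if ($origin === null && isset($headers['Referer'])) {
        $parts = parse_url($headers['Referer']);
        if ($parts !== false && isset($parts['scheme'], $parts['host'])) {
            $origin = $parts['scheme'] . '://' . $parts['host']
                . (isset($parts['port']) ? ':' . $parts['port'] : '');
        }
    }
    if ($origin === null || strcasecmp(rtrim($origin, '/'), rtrim($site_origin, '/')) !== 0) {
        return false;
    }
    // 3. Submitted token must equal the session token (constant-time compare).
    $submitted = $post['csrf_token'] ?? '';
    if ($session_token === '' || !is_string($submitted) || !hash_equals($session_token, $submitted)) {
        return false;
    }
    return true;
}

// Usage inside the admin script (hypothetical; skipped when run from the CLI).
if (PHP_SAPI !== 'cli') {
    session_start();
    if (($_GET['action'] ?? '') === 'page' && isset($_POST['delete'])) {
        $headers = [
            'Origin'  => $_SERVER['HTTP_ORIGIN']  ?? null,
            'Referer' => $_SERVER['HTTP_REFERER'] ?? null,
        ];
        if (!csrf_request_ok($_SERVER['REQUEST_METHOD'], $headers, $_POST,
                             $_SESSION['csrf_token'] ?? '', 'http://127.0.0.1')) {
            http_response_code(403);
            exit('Request rejected: missing or invalid CSRF token');
        }
        // ... proceed with the delete only after the guard passes ...
    }
}
```

For this to close the four issues above, every delete link in the admin UI has to become a POST form that includes csrf_field(), and the token should be regenerated when the administrator logs in. Treating a missing Origin and Referer as a failure is the strict choice; it can reject legitimate clients behind a privacy proxy, which is why the token check, not the header check, is the control to rely on.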