superfish9 changed the title from "CSRF in background management of v1.0.0(latest version)" to "CSRF in background management of v1.0.0(latest version) discovered by ADLab of Venustech" on Feb 11, 2017
superfish9 changed the title from "CSRF in background management of v1.0.0(latest version) discovered by ADLab of Venustech" to "CSRF in background management of v1.0.0(latest version) discovered by "ADLab of Venustech"" on Feb 11, 2017
GeniXCMS implements a token to defend against CSRF in the background management webpage. An attacker is able to bypass the defense as follows:

First, visit the forgotpassword.php page and grab a token, which can be used to launch a CSRF attack:
Then, use the following PoC (the token used below is from another test):
Finally, the response demonstrated that the token is valid:

Thus, we bypass the defense against CSRF and are able to add an admin account of GeniXCMS.
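The report describes a token obtained on a public page being accepted by an admin action. The following is an added example, not GeniXCMS code and not part of the original report, that contrasts a validator accepting any issued token with one that binds each token to a session and a purpose. All function names, purpose strings and session identifiers are assumptions made for illustration.

```php
<?php
// Added example, not GeniXCMS code. All names and values are hypothetical.
const TOKEN_TTL = 900; // seconds a token stays valid

// Weak model: a token is accepted if the application issued it at all,
// no matter which page or which visitor it was issued to.
function weakVerify(array $issuedTokens, string $token): bool
{
    return in_array($token, $issuedTokens, true);
}

// Hardened: the MAC covers the session and the purpose of the token.
function issueToken(string $key, string $sessionId, string $purpose): string
{
    $payload = time() . '.' . bin2hex(random_bytes(16));
    $mac = hash_hmac('sha256', "$sessionId|$purpose|$payload", $key);
    return "$payload.$mac";
}

function verifyToken(string $key, string $sessionId, string $purpose, string $token): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[0])) {
        return false;
    }
    [$ts, $nonce, $mac] = $parts;
    if (time() - (int) $ts > TOKEN_TTL) {
        return false; // expired
    }
    $expected = hash_hmac('sha256', "$sessionId|$purpose|$ts.$nonce", $key);
    return hash_equals($expected, $mac); // constant-time comparison
}

// Constructed sample data: an anonymous visitor and a logged-in admin.
$key = random_bytes(32);
$publicToken = issueToken($key, 'sess-anon', 'forgotpassword');
$adminToken = issueToken($key, 'sess-admin', 'admin/adduser');

// Token from the public page presented with an admin-only request.
var_dump(weakVerify([$publicToken, $adminToken], $publicToken));
var_dump(verifyToken($key, 'sess-admin', 'admin/adduser', $publicToken));
// Token issued to the admin session for this exact form.
var_dump(verifyToken($key, 'sess-admin', 'admin/adduser', $adminToken));
```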