Hi,
I found a CSRF in ThinkCMF version 6.0.7 that allows a remote user to add a Super Admin account by taking advantage of the session of an administrator who is logged into the system. Below are the steps to reproduce this issue.
1. The remote user tricks the logged-in administrator into visiting a malicious site.
2. The administrator opens the page containing the CSRF payload, injecting the Super Admin user into the site.
3. The remote user takes control of the site with the credentials he injected.
This is the PoC I used:
Screenshots
Fig. 1: Vulnerable page
Fig. 2: CSRF Payload
Fig. 3: CSRF Payload Executed
Fig. 4: Super Admin account added
Fig. 5: Super Admin logged in