
EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery (CSRF) #27

Closed
h18192h opened this issue Oct 15, 2022 · 1 comment

Comments

@h18192h

h18192h commented Oct 15, 2022

A security vulnerability exists in EyouCMS V1.5.9 in the backend, under Members Center -> Edit Member -> Points Top-up.

  1. Enter the backend -> Member Center -> Edit Member -> Points Recharge, as shown in the figures:
     [Image 1]
     [Image 2]
     [Image 3]
  2. Capture the recharge request packet and construct it, as shown below:
     [Image 4]
  3. Open the backend page in the browser and view the points of user test01:
     [Image 5]
     [Image 6]
  4. Click on the constructed web page:
     [Image 7]
     [Image 8]
     The figure above shows the page that is automatically redirected to after successful execution; check whether the points have increased:
     [Image 9]
     [Image 10]
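Defensive illustration added here; it is not EyouCMS code and not part of the report. It models a points-recharge handler with the two checks that stop the kind of request the steps above describe: a synchronizer token bound to the admin session and a same-origin check on the Origin/Referer header. The host name, server secret, session id and balances are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Constructed example, not EyouCMS code: the admin "points recharge" action
# is modelled as a plain function so both checks can be exercised offline.
SERVER_SECRET = b"per-deployment-secret"   # assumption: kept server-side only
ADMIN_HOST = "cms.example"                  # assumption: host serving the admin UI

def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: HMAC of the admin session id, embedded in the form."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def valid_csrf_token(session_id: str, submitted) -> bool:
    """Constant-time comparison of the submitted token with the expected one."""
    return hmac.compare_digest(issue_csrf_token(session_id), submitted or "")

def same_origin(headers: dict) -> bool:
    """Origin (or Referer as fallback) must name the CMS host; fail closed if absent."""
    source = headers.get("Origin") or headers.get("Referer")
    return bool(source) and urlsplit(source).netloc == ADMIN_HOST

def points_recharge(headers: dict, form: dict, session: dict, balances: dict) -> str:
    """Hardened top-up handler; the vulnerable version applied `form` with no checks."""
    if not same_origin(headers):
        return "rejected: cross-site request"
    if not valid_csrf_token(session["id"], form.get("_token")):
        return "rejected: missing or bad CSRF token"
    user, amount = form["user"], int(form["points"])
    balances[user] = balances.get(user, 0) + amount
    return f"ok: {user} now has {balances[user]} points"

def demo() -> tuple:
    """A genuine admin submission, then a forged request riding the same session."""
    session = {"id": "admin-session-42"}            # constructed admin session
    balances = {"test01": 100}                      # constructed starting balance
    genuine_headers = {"Origin": "https://cms.example"}
    genuine_form = {"user": "test01", "points": "500",
                    "_token": issue_csrf_token(session["id"])}
    forged_headers = {"Origin": "https://other-site.example"}
    forged_form = {"user": "test01", "points": "500"}   # no token, foreign origin
    first = points_recharge(genuine_headers, genuine_form, session, balances)
    second = points_recharge(forged_headers, forged_form, session, balances)
    return first, second, balances["test01"]
```

Setting the admin session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer, but the server-side token check is what makes the top-up action safe regardless of client behaviour.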
@weng-xianhu
Owner

Fixed; it will be released in v1.6.2.
