
EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery(CSRF) #28

Closed
h18192h opened this issue Oct 15, 2022 · 1 comment

Comments


h18192h commented Oct 15, 2022

EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery (CSRF). Located in the backend, member center, editing, Top up balance. To exploit this vulnerability, a quasi-prepared HTML file needs to be opened.
1. Go to the background --> member center --> edit member --> Top up balance
[image 1]
[image 2]
[image 3]
2. Grab the request package for recharge and construct it
[image 4]
3. Open in another browser and go to the background page; see that the user test01 balance is 1000
[image 5]
4. Click on the constructed page
[image 6]
[image 7]
The figure above shows the page that is automatically redirected to after successful execution. Check whether the balance has increased.
The balance has increased by 1000:
[image 8]
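The report above shows a state-changing admin action (crediting a member's balance) that accepts any request carrying the admin's session cookie. The usual fix is the synchronizer-token pattern, optionally backed by an Origin/Referer check. The following is an added, constructed example of such a handler; it is not EyouCMS code, and `SITE_ORIGIN`, `handle_topup` and the in-memory `balances` dict are assumptions for the demonstration.

```python
import hmac
import secrets

# Constructed model of an admin "top up member balance" endpoint.
# Assumption: the admin UI is served from this single origin.
SITE_ORIGIN = "https://admin.example.test"

def issue_csrf_token(session: dict) -> str:
    """Mint a per-session token, keep it server-side, embed it in the top-up form."""
    token = secrets.token_hex(32)
    session["csrf_token"] = token
    return token

def _origin_ok(headers: dict) -> bool:
    """Defence in depth: require Origin (or Referer) to match the admin origin."""
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False  # strict: an absent header is treated as cross-site
    return origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")

def handle_topup(session: dict, headers: dict, form: dict, balances: dict):
    """Credit a member only for a genuine first-party request; returns (status, message)."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # A forged page cannot read the token from the admin's session, so it cannot supply it.
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "CSRF token missing or invalid"
    if not _origin_ok(headers):
        return 403, "cross-site origin rejected"
    try:
        amount = int(form["amount"])
    except (KeyError, ValueError):
        return 400, "bad amount"
    if amount <= 0:
        return 400, "amount must be positive"
    user = form.get("user")
    if user not in balances:
        return 404, "unknown member"
    balances[user] += amount
    return 200, f"credited {amount}"

if __name__ == "__main__":
    session, balances = {}, {"test01": 1000}       # constructed sample state
    forged = {"user": "test01", "amount": "1000"}   # no token, foreign origin
    print(handle_topup(session, {"Origin": "https://attacker.example"}, forged, balances))
    genuine = dict(forged, csrf_token=issue_csrf_token(session))
    print(handle_topup(session, {"Origin": SITE_ORIGIN}, genuine, balances), balances)
```

The token check alone already blocks the forged request; the origin check is kept so a token leak or a subdomain takeover does not silently re-open the endpoint.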

@weng-xianhu
Owner

Fixed; it will be released in v1.6.2.
