EyouCMS v1.5.9 has a Cross-Site Request Forgery (CSRF) vulnerability located in the backend under Member Center > Edit Member > Basic Information. To exploit it, a crafted HTML file has to be opened while logged in to the backend.
Go to Backend > Member Center > Edit Member > Basic Information.
Construct a request that modifies the membership level and the login password along with the other basic-information fields.
The figure above shows the constructed web page. Through CSRF it changes the password to "csrftest" and the membership level to premium membership (100 days).
View the profile.
In this case the password is "test01" and the membership level is "registered member".
Open the constructed web page.
Return to the client, refresh the page and log in as test01 again: the password has been changed to "csrftest" and the membership level has been changed to premium membership.
At this point the password has been changed to "csrftest"
The client views personal information:
View the test01 user's profile in the backend:
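As an added example (not EyouCMS's own code), the check a state-changing backend form such as "edit member" should run before it writes anything: a per-session synchronizer token compared in constant time, with an Origin/Referer check as defence in depth. The `__token__` field name, the form fields and the origins are assumptions for illustration.

```php
<?php
// Added illustration, not EyouCMS code. Field names, the "__token__" field
// and the example origins are assumptions.
declare(strict_types=1);

// Issue a per-session token when the edit form is rendered (GET).
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Validate a submitted edit-member request before any write happens.
// Returns null when the request is acceptable, otherwise a rejection reason.
function reject_reason(array $session, array $post, array $headers, string $site_origin): ?string
{
    // A cross-site form POST carries the victim's cookies but cannot read the
    // token embedded in the admin's own page, so a missing or mismatched token
    // is the core signal. hash_equals() is a constant-time comparison.
    $sent     = (string) ($post['__token__'] ?? '');
    $expected = (string) ($session['csrf_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $sent)) {
        return 'missing or invalid CSRF token';
    }
    // Browsers send Origin on cross-site POSTs; reject a foreign origin.
    // If Origin is absent, derive it from Referer; if both are absent, rely on the token.
    $origin = $headers['Origin'] ?? null;
    if ($origin === null && isset($headers['Referer'])) {
        $p = parse_url($headers['Referer']);
        if ($p !== false && isset($p['scheme'], $p['host'])) {
            $origin = $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
        }
    }
    if ($origin !== null && strcasecmp($origin, $site_origin) !== 0) {
        return 'cross-origin request from ' . $origin;
    }
    return null;
}

// Demo with constructed inputs: a forged POST that changes the password and
// membership level (the scenario in this report) versus a legitimate submission
// from the backend UI that carries the session token.
$session = [];
$token   = issue_csrf_token($session);
$forged  = ['password' => 'csrftest', 'level' => '2'];   // no token field
$legit   = $forged + ['__token__' => $token];

var_dump(reject_reason($session, $forged, ['Origin' => 'http://evil.example'], 'http://cms.example'));
var_dump(reject_reason($session, $legit,  ['Origin' => 'http://cms.example'],  'http://cms.example'));
```

The first call returns the token rejection string; the second returns NULL, meaning the write may proceed.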