There is a csrf vulnerability in catfish - <=6.3.0 #8

Open
cyber-word opened this issue Dec 12, 2021 · 0 comments

@cyber-word

[Suggested description]
Cross Site Request Forgery (CSRF) vulnerability exists in catfish - <=6.3.0. First, you upload an HTML file containing CSRF on the website
that uses a Google editor (you only need to search in Google:
inurl:catfishcms/index.php/admin/Index/addmenu.html and then use the authority of this
When you have background permissions and want to induce other users to perform sensitive operations, you can specify the menu URL address as your malicious URL address in the Add Menu column.

[Vulnerability Type]
Cross Site Request Forgery (CSRF)

[Vendor of Product]
https://github.com/xwlrbh/Catfish

[Affected Product Code Base]
catfish - <=6.3.0

[Affected Component]
To find a website that uses this editor, you only need to search in Google: inurl:catfishcms/index.php/admin/Index/addmenu.html
because this is the feature file of this editor.

[Attack Type]
Remote

[Impact Code execution]
true

Attackers can use websites trusted by users to perform dangerous operations

[Attack Vectors]

<title>csrf test</title> // your target url

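The report above describes an admin form (Add Menu) that accepts a state-changing POST without any proof that the request came from the admin UI. The following is an added example of the server-side mitigation, written for this page and not taken from the Catfish project: a per-session anti-CSRF token embedded in the form and verified with a constant-time comparison, plus an Origin/Referer check that fails closed. Field names (`csrf_token`, `menu_url`), the admin origin and the constructed requests are assumptions for illustration.

```php
<?php
// Added example (not Catfish project code): CSRF protection for a
// state-changing admin handler such as an "Add Menu" form.
// Assumptions: the handler has access to the PHP session array; the field
// names, the allowed admin origin and the sample requests are constructed.
declare(strict_types=1);

const CSRF_FIELD = 'csrf_token';

// Issue (or reuse) a random per-session token to embed in the form.
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_FIELD])) {
        $session[CSRF_FIELD] = bin2hex(random_bytes(32));
    }
    return $session[CSRF_FIELD];
}

// Hidden input to place inside the admin form; the attacker's page cannot read it.
function csrf_hidden_field(array &$session): string
{
    return sprintf('<input type="hidden" name="%s" value="%s">', CSRF_FIELD,
        htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8'));
}

// Reduce an Origin or Referer header value to scheme://host[:port].
function request_origin(array $server): string
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $parts = parse_url($source);
    if (!is_array($parts) || empty($parts['scheme']) || empty($parts['host'])) {
        return '';
    }
    return $parts['scheme'] . '://' . $parts['host']
        . (isset($parts['port']) ? ':' . $parts['port'] : '');
}

// Validate a submission. Returns null on success or a reason string on failure.
function csrf_validate(array $session, array $post, array $server, string $allowedOrigin): ?string
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return 'state-changing endpoint must be POST';
    }
    // Fail closed: a missing or foreign Origin/Referer is rejected.
    if (request_origin($server) !== $allowedOrigin) {
        return 'request source does not match the admin origin';
    }
    $expected = $session[CSRF_FIELD] ?? '';
    $given = $post[CSRF_FIELD] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return 'missing or invalid CSRF token';
    }
    return null;
}

// Demo with constructed requests.
$session = [];
$adminOrigin = 'https://admin.example.test';
echo csrf_hidden_field($session), PHP_EOL;

// Legitimate submission: token from the admin's own form, same-origin request.
$good = ['menu_url' => '/index.php/news', CSRF_FIELD => $session[CSRF_FIELD]];
$goodServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $adminOrigin];
var_dump(csrf_validate($session, $good, $goodServer, $adminOrigin));

// Cross-site submission: foreign origin and a token the other site had to guess.
$forged = ['menu_url' => 'https://third-party.example.test/', CSRF_FIELD => 'guess'];
$forgedServer = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://third-party.example.test'];
var_dump(csrf_validate($session, $forged, $forgedServer, $adminOrigin));
```

Run with `php` on the command line: the first `var_dump` prints `NULL` (accepted) and the second prints the rejection reason. In a real deployment the session array is `$_SESSION`, the token should be regenerated on login, and the session cookie should additionally carry `SameSite=Lax` or `Strict` so that the browser itself drops most cross-site POSTs before the token check is reached.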
