There are two CSRF vulnerabilities that can add an administrator account. After the administrator has logged in, open the following page.
POC:http://www.8sec.cc/archives/596
For example:
So what? Once you are logged into the admin backend you can add administrators anyway; adding one via CSRF is exactly the same as adding one normally. It's meaningless.
..CSRF is used for phishing; who said anything about adding administrators?
So the developers have not understood what a token is for.
Since YzmCMS v5.0, token validation has been added to the admin backend. Thanks for your support!
@yzmcms Can you tell me where the fix is? CVE-2018-10223 has been assigned. Thanks
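The token validation the maintainer refers to above, shown as an added example that is not YzmCMS's own code: a synchronizer-token check for an admin "add user" form in plain PHP. The function names `csrf_token`/`csrf_check`, the hidden field name and the `add_admin()` call are assumptions for illustration.

```php
<?php
// Added example (not YzmCMS code): synchronizer-token CSRF protection for an
// admin "add user" form, the class of mitigation added in v5.0 per the thread.
// Function, field and add_admin() names are illustrative assumptions.

session_start();

// Issue one secret token per session. A cross-site page cannot read it,
// so a forged request cannot include the correct value.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or mismatched token rejects the request.
function csrf_check(?string $submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // State-changing action: refuse unless the session token round-trips
    // through the submitted form. This is the check the vulnerable version lacked.
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // add_admin($_POST['username'], $_POST['password']); // hypothetical call
    echo 'Administrator added';
    exit;
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="post" action="">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input name="username"> <input name="password" type="password">'
   . '<button type="submit">Add administrator</button></form>';
```

The same check must guard every state-changing admin endpoint, not only the user-creation form, and the token must be regenerated when the session is established at login.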