Denial of service attack caused by CSRF(CSRF造成的拒绝服务攻击) #27
Comments
Rooting for you.

MangoYou: What is this actually good for? It can only change URL rules; what effect does that have?

laker (reply by email): After the URL rules are maliciously changed, all of the original routes become unusable and the whole site is inaccessible (the administrator cannot log in, the site cannot be used). A regular expression can also be used to change multiple types of routes at once.

--- Original message ---
From: "MangoYou"<notifications@github.com>
Sent: Friday, January 10, 2020, 5:29 PM
To: "yzmcms/yzmcms"<yzmcms@noreply.github.com>;
Cc: "laker"<603088740@qq.com>;"Author"<author@noreply.github.com>;
Subject: Re: [yzmcms/yzmcms] Denial of service attack caused by CSRF(CSRF造成的拒绝服务攻击) (#27)
What is this actually good for? It can only change URL rules; what effect does that have?

laker (reply by email): Yes, that's right.

--- Original message ---
From: "MangoYou"<notifications@github.com>
Sent: Friday, January 10, 2020, 10:35 PM
To: "yzmcms/yzmcms"<yzmcms@noreply.github.com>;
Cc: "laker"<603088740@qq.com>;"Author"<author@noreply.github.com>;
Subject: Re: [yzmcms/yzmcms] Denial of service attack caused by CSRF(CSRF造成的拒绝服务攻击) (#27)
Got it. The key point is still that regex match: modifying arbitrary routes can make every page other than the homepage error out, right?
|
Hello, I found a vulnerability in your application; I call it a denial of service attack caused by CSRF. The vulnerable point is the URL rule configuration. When I use CSRF to make an administrator configure an illegal rule, the access routing of the whole site is changed. That is to say, the site becomes totally inaccessible and every page returns 404. (The custom rule's priority is higher than the original admin/ and other routes.)
The attack is shown as follows:
No token check is used on the route-setting page.

The PoC is:
When the PoC is executed, all routes under http://host/aaaaaa are directed to http://host/hack_by_laker.
And we can define multiple routes in one link, so that all routes are customized and the whole site crashes and cannot be accessed.




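The mechanism behind this report and the follow-up discussion about the regex rule, as an added example that is neither yzmcms code nor the reporter's PoC: a constructed Python model of a CMS whose admin-configured regex rewrite rules are consulted before the built-in routes. `set_rule_vulnerable` mirrors the reported flaw (a cross-site POST with no token check installs a catch-all rule, after which every path, including the admin login, resolves to 404), and `set_rule_hardened` shows the two checks a fix needs: a per-session synchronizer token compared in constant time, and a dry run of the candidate rule set against paths the administrator must always be able to reach. The route names, the rule format and the form field names are assumptions made for illustration.

```python
import hmac
import re
import secrets

# Constructed model of a CMS whose admin-configured URL rewrite rules are
# consulted before the built-in routes, as the report describes. Nothing here is
# yzmcms code; route names, rule format and form fields are assumptions.
BUILTIN_ROUTES = {
    "admin/login": "admin login page",
    "admin/": "admin dashboard",
    "index.html": "home page",
    "news/1.html": "an article",
}

# Paths that must keep resolving to their built-in handler whatever rules an
# administrator saves; hiding them is exactly the lock-out the issue reports.
RESERVED_PATHS = ["admin/login", "admin/"]


def _resolve_with(rules, path):
    """Apply the first matching custom rule (custom rules win over built-ins),
    then look the rewritten path up in the built-in route table."""
    for pattern, target in rules:
        if pattern.search(path):
            path = pattern.sub(target, path)
            break
    return BUILTIN_ROUTES.get(path, "404")


class Site:
    def __init__(self):
        self.rules = []                                   # [(compiled regex, target)]
        self.session_csrf_token = secrets.token_hex(16)   # bound to the admin session

    def resolve(self, path):
        return _resolve_with(self.rules, path)

    def set_rule_vulnerable(self, form):
        """The flaw as reported: any POST arriving with the admin's session cookie
        is honoured, and the browser attaches that cookie to a cross-site form too."""
        self.rules.insert(0, (re.compile(form["rule"]), form["target"]))
        return "saved"

    def set_rule_hardened(self, form):
        """Same action with a synchronizer-token check and a dry run of the rules."""
        token = form.get("csrf_token", "")
        if not hmac.compare_digest(token.encode(), self.session_csrf_token.encode()):
            return "rejected: missing or wrong CSRF token"
        try:
            pattern = re.compile(form["rule"])
        except re.error:
            return "rejected: invalid regex"
        candidate = [(pattern, form["target"])] + self.rules
        # Dry run: every reserved path must still reach its built-in handler.
        for reserved in RESERVED_PATHS:
            if _resolve_with(candidate, reserved) != BUILTIN_ROUTES[reserved]:
                return f"rejected: rule would shadow {reserved}"
        self.rules = candidate
        return "saved"


# Constructed forged form: a hidden form on the attacker's page that the logged-in
# administrator's browser submits. The catch-all regex rewrites every path to a
# route that does not exist, so the whole site answers 404.
FORGED_FORM = {"rule": r"^(.*)$", "target": "hack_by_laker"}


def demo_attack():
    """Return what every built-in path resolves to after the forged rule lands."""
    site = Site()
    site.set_rule_vulnerable(FORGED_FORM)
    return {path: site.resolve(path) for path in BUILTIN_ROUTES}


def demo_defense():
    """Return the hardened handler's verdicts and the routes that survive."""
    site = Site()
    no_token = site.set_rule_hardened(FORGED_FORM)
    # Even a request carrying the right token (an admin talked into pasting the
    # rule by hand) is refused, because it would hide the login page.
    with_token = site.set_rule_hardened({**FORGED_FORM, "csrf_token": site.session_csrf_token})
    # A legitimate rewrite that leaves the reserved paths alone is still accepted.
    legit = {"rule": r"^article/(\d+)$", "target": r"news/\1.html",
             "csrf_token": site.session_csrf_token}
    accepted = site.set_rule_hardened(legit)
    return no_token, with_token, accepted, site.resolve("admin/login"), site.resolve("article/1")


if __name__ == "__main__":
    print(demo_attack())
    print(demo_defense())
```

`demo_attack()` shows every path, admin login included, collapsing to 404 after a single forged request, which is the "whole site crashes" outcome in the report. `demo_defense()` shows the forged request failing first on the token and then, even with a token, on the dry run. Setting the admin session cookie to SameSite=Lax or Strict keeps the browser from attaching it to a cross-site POST and is worth adding as a second layer, but it does not replace the token check, and the dry run is what stops an authenticated administrator from locking themselves out by mistake.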