CSRF vulnerability exists in the official version of YzmCMS V6.3 #59

Closed
zpxlz opened this issue Jan 21, 2022 · 1 comment

zpxlz commented Jan 21, 2022

This vulnerability allows arbitrary users to be deleted.

There is a user with ID 3.

Click delete and capture the packet to generate the PoC of the CSRF.

Package the deletion request to drop, put the generated PoC in an HTML page and send it to the administrator. When the administrator clicks the page, the user with ID 3 can be deleted.

Owner

yzmcms commented Feb 14, 2022

Will be fixed in the next version.

@yzmcms yzmcms closed this as completed Feb 14, 2022
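
The class of fix for the report above is a per-session token check on the state-changing delete action. The following is an added example, not code from YzmCMS or from this issue; the function names, the `csrf_token` field name and the sample data are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not YzmCMS code.
declare(strict_types=1);

// Issue one random token per session; embed it in every form that changes state.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST carrying the session's token.
function csrf_check(array $session, string $method, array $post): bool
{
    if ($method !== 'POST') {
        return false; // destructive actions are never performed on GET
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Hypothetical stand-in for the admin "delete user" handler.
function delete_user_action(array $session, string $method, array $post, array &$users): string
{
    if (!csrf_check($session, $method, $post)) {
        return '403 csrf token missing or invalid';
    }
    $id = (int)($post['id'] ?? 0);
    if (!isset($users[$id])) {
        return '404 no such user';
    }
    unset($users[$id]);
    return '200 deleted';
}

// Constructed sample data: an admin session and a user with ID 3, as in the report.
$session = [];
$users   = [3 => 'example-user'];
$token   = csrf_token($session);

// Cross-site form: the admin's cookie is sent, but the foreign page cannot read the token.
echo delete_user_action($session, 'POST', ['id' => '3'], $users), "\n";
// Same-site admin form with the embedded token.
echo delete_user_action($session, 'POST', ['id' => '3', 'csrf_token' => $token], $users), "\n";
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` complements the token check by keeping the cookie off cross-site POSTs in the first place.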