YzmCMS V6.3: there is a CSRF vulnerability in the front end of the official version #60

Closed
zpxlz opened this issue Jan 22, 2022 · 1 comment

zpxlz commented Jan 22, 2022

Prepare two accounts, test01 and test02; the background settings allow users to contribute.
Generate a CSRF PoC with test01: first log in to test01, comment on an article, and grab the request packet.

Log in to TEST02 with another browser and open the web page of the generated PoC.
This triggered the CSRF and successfully commented as TEST02.

Owner

yzmcms commented Feb 14, 2022

Not a security vulnerability; no fix needed.

@yzmcms yzmcms closed this as completed Feb 14, 2022
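
A server-side check that would reject the cross-site comment request reported in this issue, as an added example that is not part of the issue or of YzmCMS's code. The function names, the `csrf_token` form field, the origins and the sample requests are assumptions constructed for illustration.

```php
<?php
// Added example with hypothetical helpers; not YzmCMS code.

const ALLOWED_ORIGIN = 'https://cms.example'; // assumed site origin

// Issue one random token per session; the comment form embeds it as a hidden field.
function issue_csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a state-changing request (such as posting a comment) is accepted.
function is_same_site_request(array $session, array $post, array $headers): bool
{
    // 1. When the browser sends an Origin header, it must be our own site.
    $origin = $headers['Origin'] ?? null;
    if ($origin !== null && $origin !== ALLOWED_ORIGIN) {
        return false;
    }
    // 2. The form must carry the token stored in this user's session.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sessions for the two accounts used in the report.
$test01 = ['user' => 'test01'];
$test02 = ['user' => 'test02'];
$token01 = issue_csrf_token($test01);
$token02 = issue_csrf_token($test02);

// test02 submits the real comment form: accepted.
$legit = is_same_site_request($test02, ['content' => 'hi', 'csrf_token' => $token02],
                              ['Origin' => ALLOWED_ORIGIN]);
// A page on another origin auto-submits a form with no token: rejected.
$forged = is_same_site_request($test02, ['content' => 'hi'],
                               ['Origin' => 'https://other.example']);
// A request captured from test01's session is replayed in test02's browser:
// test01's token does not match test02's session, so it is rejected.
$replayed = is_same_site_request($test02, ['content' => 'hi', 'csrf_token' => $token01], []);

var_dump($legit, $forged, $replayed);
```

Setting the session cookie with `SameSite=Lax` or `Strict` adds a browser-side layer on top of this check.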