CSRF Vulnerability exists in the file of Z-BLOG 1.5.2.1935 #201

Open
Ppsoft1990 opened this Issue Oct 29, 2018 · 1 comment

Ppsoft1990 commented Oct 29, 2018

CSRF Vulnerability exists in the file of Z-BLOG 1.5.2.1935
Downloaded from the official site, version 1.5.2.1935
https://www.zblogcn.com/zblogphp/

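Some files can be accessed directly, which leads to csrf_token leakage.
For example, when zb_users/plugin/AppCentre/theme.js.php is loaded as a JS file in a script tag,
on one's own page, this JS can be used to manipulate one's own DOM, which indirectly leaks the csrftoken.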

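Also, the backend's regular expressions for creating a new template and creating a new plugin seem to have a small problem. This may ultimately lead to code execution.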
CSRF Vulnerability exists in the file of Z-BLOG 1.5.2.1935.docx
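
Editor's added example, not part of the original issue and not Z-BLOG code: one way to harden a PHP endpoint that is served as JavaScript and carries a per-session CSRF token, so that a `<script src>` load from another origin receives no token. The function names, the `exampleCsrfToken` variable and the sample hosts are hypothetical, and the sample requests are constructed.

```php
<?php
// Added example, not Z-BLOG code. Function and variable names are hypothetical.

// True only when the browser indicates the script was requested by a same-origin page.
function is_same_origin_script_request(array $server): bool
{
    // Fetch Metadata header, sent by current browsers on every request.
    $site = $server['HTTP_SEC_FETCH_SITE'] ?? null;
    if ($site !== null) {
        return $site === 'same-origin';
    }
    // Older browsers: compare the Referer host[:port] with our own Host header.
    $parts = parse_url($server['HTTP_REFERER'] ?? '');
    $host  = $server['HTTP_HOST'] ?? '';
    if (!is_array($parts) || !isset($parts['host']) || $host === '') {
        return false; // no proof of same-origin use: withhold the token
    }
    $refHost = $parts['host'] . (isset($parts['port']) ? ':' . $parts['port'] : '');
    return strcasecmp($refHost, $host) === 0;
}

// Build the JavaScript body; other origins get a body with no token in it.
function render_script_body(array $server, string $csrfToken): string
{
    if (!is_same_origin_script_request($server)) {
        return "/* token withheld: not a same-origin request */\n";
    }
    return 'var exampleCsrfToken = ' . json_encode($csrfToken) . ";\n";
}

if (PHP_SAPI !== 'cli') {
    // Real request: send hardening headers, then the body.
    header('Content-Type: application/javascript; charset=utf-8');
    header('Cross-Origin-Resource-Policy: same-origin'); // browser blocks cross-origin <script src>
    header('Cache-Control: private, no-store');           // body is per-session
    echo render_script_body($_SERVER, 'placeholder-token-from-session');
} else {
    // Offline demo over constructed request headers.
    $samples = [
        'same-origin page'   => ['HTTP_SEC_FETCH_SITE' => 'same-origin'],
        'other site'         => ['HTTP_SEC_FETCH_SITE' => 'cross-site'],
        'legacy, own page'   => ['HTTP_HOST' => 'blog.example', 'HTTP_REFERER' => 'https://blog.example/admin/'],
        'legacy, other site' => ['HTTP_HOST' => 'blog.example', 'HTTP_REFERER' => 'https://other.example/'],
        'legacy, no referer' => ['HTTP_HOST' => 'blog.example'],
    ];
    foreach ($samples as $label => $server) {
        echo str_pad($label, 20), trim(render_script_body($server, 'CONSTRUCTED-TOKEN')), "\n";
    }
}
```

The Referer fallback compares host and port only, and a same-origin user whose browser strips the Referer gets the token-free body, so the page must be able to obtain its token another way in that case.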

Member

zsxsoft commented Oct 29, 2018

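  1. CSRF token leak issue received, thank you very much!
  2. The admin backend can already execute code by design, unless the App Center's "safe mode" is turned on. That said, this regex really is nasty...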