CSRF Vulnerability in /admin/setting.php
Deleted user commented
/admin/setting.php
if ($_SESSION['alogin']) {
    if (isset($_GET['set']) && $_GET['set'] == 'set') {
        $db->update('setting', array('value' => $_POST['sitename']), array('name' => 'sitename'));
        $db->ExecuteSQL(sprintf("UPDATE `setting` SET `value` = '%s' WHERE `setting`.`name` = 'sitetitle';", $db->databaseLink->real_escape_string($_POST['sitetitle'])));
        $db->update('setting', array('value' => $_POST['size']), array('name' => 'size'));
        $db->update('setting', array('value' => $_POST['url']), array('name' => 'url'));
        $db->update('setting', array('value' => $_POST['total']), array('name' => 'total'));
        $db->update('setting', array('value' => $_POST['admin']), array('name' => 'admin'));
        $db->update('setting', array('value' => $_POST['subtitle']), array('name' => 'subtitle'));
        ...
As you can see, there is no CSRF token, which could lead to system setting modification once the admin visits a malicious web page.
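The handler above trusts any POST that arrives with the admin's session cookie, so a form on an attacker's page can submit it. Below is an added example of the same handler with a session-bound CSRF token and an Origin check; it is not code from the project. It assumes the same `$db` object with an `update()` method that escapes its values (as the original relies on), the same `$_SESSION['alogin']` login flag, and a hidden form field named `csrf_token`; the function names `csrf_token()`, `csrf_check()` and `origin_check()` are illustrative.

```php
<?php
// Added example (not the project's code): CSRF-protected version of the
// /admin/setting.php handler. Assumes $db->update() escapes its values and
// that the admin form carries a hidden field named csrf_token.

session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    // Defence in depth (PHP >= 7.3): browsers omit a SameSite=Lax cookie on
    // cross-site POSTs, so the attacker's form arrives without the session.
    'samesite' => 'Lax',
]);
session_start();

/**
 * Return the per-session CSRF token, creating it on first use.
 * Embed it in the admin form as a hidden field; the attacker's page cannot
 * read it (same-origin policy), so it cannot forge a valid submission.
 */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/**
 * Compare the submitted token with the server-side copy. hash_equals() is a
 * constant-time comparison, so the check does not leak token bytes by timing.
 */
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted) && hash_equals($expected, $submitted);
}

/**
 * Second, independent check: a cross-site form post carries the attacker's
 * Origin header. Reject requests whose Origin host is not our own host.
 * (Assumption: HTTP_HOST is set by the server, not by the client.)
 */
function origin_check(): bool
{
    $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
    if ($origin === '') {
        return true; // no Origin header: fall back to the token check alone
    }
    $expectedHost = strtolower(explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]);
    $originHost   = strtolower((string) parse_url($origin, PHP_URL_HOST));
    return $originHost !== '' && $originHost === $expectedHost;
}

if (!empty($_SESSION['alogin'])) {
    // A state-changing action must be a POST, carry a valid token and come
    // from our own origin. The original accepted any request with ?set=set.
    if ($_SERVER['REQUEST_METHOD'] === 'POST'
        && isset($_GET['set']) && $_GET['set'] === 'set') {

        if (!csrf_check($_POST['csrf_token'] ?? null) || !origin_check()) {
            http_response_code(403);
            exit('Invalid CSRF token');
        }

        // Same settings as the original handler, written through $db->update()
        // for each of them (the original used a raw UPDATE for sitetitle).
        $fields = ['sitename', 'sitetitle', 'size', 'url', 'total', 'admin', 'subtitle'];
        foreach ($fields as $name) {
            $db->update('setting', ['value' => $_POST[$name] ?? ''], ['name' => $name]);
        }
    }
}
```

In the admin settings form, output the token as a hidden input (`name="csrf_token"`, value `htmlspecialchars(csrf_token(), ENT_QUOTES)`) so a legitimate submission carries it; the attacker's page, lacking the token, is rejected with 403 before any `update()` runs. The SameSite cookie attribute and the Origin check are layers on top of the token, not replacements for it.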