eqwadasd changed the title from "HongCMS3.0-CSRF in multiple function points" to "User deletion caused by CSRF" on Nov 12, 2019
A CSRF vulnerability exists in the administrator back end and allows users to be deleted:
![image](https://user-images.githubusercontent.com/42021243/68638496-b28d4200-053c-11ea-9896-f7db80fce32b.png)
![image](https://user-images.githubusercontent.com/42021243/68638817-b2417680-053d-11ea-985f-7b9b2a8e86c7.png)
![image](https://user-images.githubusercontent.com/42021243/68639064-57f4e580-053e-11ea-8a17-f9562318304b.png)
The back end only checks the values of the parameters 'deleteuserids' and 'updateuserids'.
So an attacker only needs to know the target user's ID to construct a malicious link that completes the attack.
The following is a normal request packet for the delete-user operation.
I used this request packet to construct a malicious HTML page and added only the required parameters.
When a user with administrative rights opens this malicious link, the user with id=3 is successfully deleted.
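The root cause described in the report is that the delete handler accepts any request carrying `deleteuserids`, so a browser with an admin session cookie can be made to submit it from another site. The usual fix is to bind every state-changing admin request to a per-session secret the cross-site page cannot read, and to reject requests whose Origin does not match. The handler below is an added example written for this issue; it is not HongCMS source code. The parameter name `deleteuserids` comes from the report, while the session key names, the `delete_users()` call and the form markup are assumed.

```php
<?php
// Added example: a delete-user handler hardened against CSRF.
// Not HongCMS code; 'deleteuserids' is the parameter named in the report,
// everything else (function names, form) is assumed for illustration.

// Mark the session cookie SameSite so a plain cross-site navigation does not
// carry it; HttpOnly/Secure are good hygiene for the same cookie.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// One random token per session; the admin form embeds it, the handler checks it.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// The token must arrive in the POST body, never in the URL, since a URL is
// exactly what a malicious link controls. hash_equals avoids timing leaks.
function csrf_check(): bool {
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && hash_equals($expected, $sent);
}

// Defence in depth: the request's Origin (or Referer) must be this host.
function same_origin(): bool {
    $host   = $_SERVER['HTTP_HOST'] ?? '';
    $origin = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    return $host !== '' && $origin !== '' && parse_url($origin, PHP_URL_HOST) === $host;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['deleteuserids'])) {
    if (!csrf_check() || !same_origin()) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // Only now act on the IDs. Accept either an array or a comma-separated
    // string and coerce every entry to int so nothing else rides along.
    $raw = $_POST['deleteuserids'];
    $ids = array_map('intval', is_array($raw) ? $raw : explode(',', (string) $raw));
    // delete_users($ids); // assumed application function, not shown here
    // Rotate the token after a successful state change so it cannot be replayed.
    unset($_SESSION['csrf_token']);
}
?>
<!-- Admin form: the hidden field carries the per-session token (assumed markup) -->
<form method="post" action="">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
  <label><input type="checkbox" name="deleteuserids[]" value="3"> user 3</label>
  <button type="submit">Delete selected</button>
</form>
```

With this in place the request shown in the report fails twice over: a page on another origin cannot read the token out of the admin's session to include it, and the Origin check rejects the submission even if the token check were somehow bypassed. The same pattern applies to the `updateuserids` handler the report names, which has the identical weakness.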