wetech-cms
wetech-cms copied to clipboard
Published
20 hours ago •
cjbi
cjbi
There is a CSRF vulnerability in adding an administrator user
1.Interface address location:http://{IP_address}/wetech_web/admin/user/add.do
2.I deleted the Referer and Origin fields,Interface replay successful,Here Generate CSRF HTML using Burp,The username and password are designed to be root123
3.Click on the fake link
Successfully logged in using account root123
