
ModStartCMS V4.6.0 has a vulnerability: Cross-site request forgery (CSRF)

Open Rookie-is opened this issue 2 years ago • 4 comments

Set up ModStartCMS v4.6.0 locally. In the admin backend: Permissions -> Administrators -> Add. [image]
1. Click Add and create an administrator named "test". [image]
2. Capture the request. [image]
3. Send the CSRF PoC. [image] [image] [image]
4. Click Send, then refresh the backend. [image] [image]
A new administrator "test" appears.

Rookie-is avatar Aug 24 '22 10:08 Rookie-is



This problem can be solved by adding the SameSite attribute to the cookie

Rookie-is avatar Aug 26 '22 13:08 Rookie-is
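The comment above names SameSite as the fix but not why it stops the PoC. The following is an added example, not code from ModStartCMS or from the issue author: a small model of the browser rule that decides which cookies accompany a request, applied to the attack in the report (a victim administrator with a live session visits an attacker page that auto-submits a form to the "add administrator" action). The CMS host, the admin path and the attacker host are assumptions, not real ModStartCMS routes.

```javascript
// Added example, not ModStartCMS code. Models how a browser applies the
// SameSite cookie attribute to the CSRF described in the issue.

// "Site" of a URL as compared for SameSite: scheme + host. Real browsers use
// the registrable domain (public suffix list); the hostname suffices here.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}`;
}

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Names of the cookies from `jar` that a browser attaches to `request`.
// jar entries: { name, site, sameSite (attribute value or undefined), secure }
// request: { url, method, initiator (URL of the page issuing the request, or
//            null for a typed URL), topLevel (true if the address bar changes) }
function cookiesSentWith(jar, request) {
  const target = siteOf(request.url);
  const crossSite =
    request.initiator !== null && siteOf(request.initiator) !== target;
  const safeMethod = SAFE_METHODS.has(request.method.toUpperCase());

  return jar
    .filter((c) => c.site === target)
    .filter((c) => {
      if (c.sameSite === undefined) {
        // No attribute, the state reported in the issue: Firefox and Safari
        // send the cookie on any request; Chrome applies a Lax default with
        // exceptions, so only an explicit attribute can be relied on.
        return true;
      }
      if (!crossSite) return true;
      switch (c.sameSite.toLowerCase()) {
        case "strict":
          return false;                          // never on cross-site requests
        case "none":
          return c.secure;                       // only if also marked Secure
        case "lax":
          return request.topLevel && safeMethod; // top-level GET navigation only
        default:
          return false;
      }
    })
    .map((c) => c.name);
}

// Scenario from the report (hosts and path are assumptions).
const CMS_SITE = "https://cms.example";
const ADD_ADMIN_URL = `${CMS_SITE}/admin/member/add`;
const POC_PAGE = "https://attacker.example/poc.html";

function sessionCookie(sameSite) {
  return [{ name: "PHPSESSID", site: CMS_SITE, sameSite, secure: true }];
}

// Cookies the CMS receives when the PoC form is auto-submitted as a
// top-level POST from the attacker's page.
function csrfPostCookies(sameSite) {
  return cookiesSentWith(sessionCookie(sameSite), {
    url: ADD_ADMIN_URL, method: "POST", initiator: POC_PAGE, topLevel: true,
  });
}

// The same POST issued from the CMS's own admin page (legitimate use).
function sameSitePostCookies(sameSite) {
  return cookiesSentWith(sessionCookie(sameSite), {
    url: ADD_ADMIN_URL, method: "POST",
    initiator: `${CMS_SITE}/admin/member`, topLevel: true,
  });
}

// A cross-site top-level GET (a link on the attacker's page) still carries a
// Lax cookie, so a state-changing GET route would remain exploitable.
function csrfGetCookies(sameSite) {
  return cookiesSentWith(sessionCookie(sameSite), {
    url: ADD_ADMIN_URL, method: "GET", initiator: POC_PAGE, topLevel: true,
  });
}

console.log("no attribute, cross-site POST:", csrfPostCookies(undefined)); // [ 'PHPSESSID' ]
console.log("Lax, cross-site POST:", csrfPostCookies("Lax"));             // []
console.log("Strict, cross-site POST:", csrfPostCookies("Strict"));       // []
console.log("Lax, cross-site GET:", csrfGetCookies("Lax"));               // [ 'PHPSESSID' ]
```

In standard PHP the attribute is set with `session_set_cookie_params(['samesite' => 'Lax', 'secure' => true, 'httponly' => true])` before `session_start()` (PHP 7.3 or later); whether ModStartCMS exposes this through its own configuration is not stated in the thread. As the last case shows, `Lax` does not protect GET routes, and SameSite does not help a user whose browser ignores the attribute, so a per-session token verified on every state-changing admin request is still the standard CSRF defense to pair with it.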

released

modstart avatar Nov 05 '22 09:11 modstart