CVE-2023-31708: Three CSRF vulnerabilities: modify settings, delete articles, delete users · Issue #41 · weng-xianhu/eyoucms
A Cross-Site Request Forgery (CSRF) in EyouCMS v1.6.2 allows attackers to execute arbitrary commands by supplying a crafted HTML file to the "Upload software format" function.
The steps are as follows:
First, add "js" and "html" to the file types listed under "Upload software format".
Second, click Submit and intercept the request with Burp Suite.
Third, use the CSRF PoC generator in Burp Suite Professional to create a CSRF PoC from the intercepted request.
Put the PoC into an HTML file and send it to the victim. When the administrator opens the page, the setting is changed and we can now upload .js/.html files.
Fourth, using the administrator account, delete an administrator account and delete an article, capture each request with Burp Suite, and generate a CSRF PoC for both.
Fifth, with a low-privilege account, publish an article and attach an HTML file containing the two PoCs.
When the administrator opens this attachment, the article, and possibly the administrator account, is deleted. Because the attachment is served from the CMS's own origin, browser defences such as SameSite cookie restrictions do not block these requests.
This is the code in question
Solution: add CSRF token validation to every state-changing admin request (settings changes, article deletion, user deletion).