# CVE-2021-27885 e107 CMS 2.3.0 Cross-Site Request Forgery Vulnerability
==EXP==
```
# Exploit Title: e107 CMS 2.3.0 - CSRF
# Date: 04/03/2021
# Exploit Author: Tadjmen
# Vendor Homepage: https://e107.org
# Software Link: https://e107.org/download
# Version: 2.3.0
# Tested on: Windows 10
# CVE : CVE-2021-27885
```

CSRF vulnerability on e107 CMS

## Bug Description

Hi. I found a CSRF on the e107 CMS. A hacker can change the password of any user who clicks the link.

## How to Reproduce

Steps to reproduce the behavior:

1. Create a CSRF login POC using the following code.

```
```

2. Replace the email and password with the valid credentials.
3. Send the link script to the victim (admin) to make them click.
4. Log in with the new admin password.

Cross Site Request Forgery (Edit Existing Admin details)
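The server-side check that rejects the forged request described in the steps above, as an added example: this is generic PHP, not e107's code and not from the exploit author. The token field name, the `cms.example` origin and the sample form values are assumptions constructed for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical names: TOKEN_FIELD and the origin https://cms.example are
// assumptions for this sketch, not e107 identifiers.
const TOKEN_FIELD = 'csrf_token';

/** Create (once per session) a random token to embed in every admin form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session[TOKEN_FIELD])) {
        $session[TOKEN_FIELD] = bin2hex(random_bytes(32));
    }
    return $session[TOKEN_FIELD];
}

/** Decide whether a state-changing request (e.g. a password edit) may proceed. */
function csrf_request_allowed(array $server, array $post, array $session, string $siteOrigin): bool
{
    // State changes must arrive as POST, never as a GET link.
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // If the browser sent an Origin header, it must be our own origin.
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $siteOrigin) {
        return false;
    }
    // The form must echo the token stored in the user's session; a page on
    // another site cannot read it, so a forged form cannot supply it.
    $expected = $session[TOKEN_FIELD] ?? '';
    $supplied = $post[TOKEN_FIELD] ?? '';
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_issue_token($session);
$site    = 'https://cms.example';
$forged  = ['email' => 'admin@cms.example', 'password' => 'changed'];  // no token
$legit   = $forged + [TOKEN_FIELD => $token];

// Case 1: form posted from another site. Case 2: same origin but token missing.
// Case 3: the admin's own form carrying the session token.
var_dump(csrf_request_allowed(['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'], $forged, $session, $site));
var_dump(csrf_request_allowed(['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $forged, $session, $site));
var_dump(csrf_request_allowed(['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site], $legit, $session, $site));
```

Only the third request is accepted; setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer, because the browser then withholds the cookie on cross-site POSTs.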