Download the simplified version of EmpireCMS 7.2 UTF-8 from the Empire website. Local installation, vulnerability reproduced.
Register two regular users in the CMS.
The logged-in user is test and the receiving user is 123456.
Build your own CSRF request code by grabbing the packet for the request. The package I built sends a message to the test user.
Clear cookies, log out of the test user, and log in as the 123456 user.
Run the CSRF page we built and let the 123456 user access it.
click
Message sent successfully
Log in as the test user to view; the message was sent successfully.
Looking at the source code, it does not do user authentication.