Discuz! X2.5/X3/X3.1: deleting administrator accounts via CSRF

Source: Internet
Author: User
Tags csrf attack

Previous vulnerability: Discuz! CSRF attack defense in X2.5/X3/X3.1 can be bypassed: http://www.bkjia.com/Article/201405/300378.html

You replied that this setting did not require verification by the programmers ...... so this is probably a design problem on your side.


The member-deletion page in the admin backend only calls submitcheck('submit', 1). As explained in the previous report, with this call the program does not check formhash, so the action can be triggered by CSRF.

Exploiting this vulnerability does require the administrator to be logged in to the backend. That is not much of an obstacle, however (for example, a post can deliberately contain keywords that require moderation, so that the administrator triggers the payload while reviewing it; in fact, the administrator does not even need to be sent phishing messages).

Create a post and insert the following Discuz! code:

[img]admin.php?frame=no&action=members&operation=clean&submit=1&uidarray=1&confirmed=yes[/img]



The uidarray parameter can be changed to delete several specified users at once.

The deleted administrator is forcibly logged out. On the next login the system prompts for UCenter activation (the user record in the Discuz! database has been deleted), and after activation the administrator no longer has any management rights.

The above code can be slightly modified to also delete and clear the post data at the same time, which is too dangerous for me to try ......

Solution:

Check formhash (the CSRF token) before performing the deletion.
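As an added illustration (this is not code from Discuz! or from this report), the standalone PHP below contrasts a submit check that accepts GET and skips the formhash token, which is the behaviour described above for submitcheck('submit', 1), with a hardened check that requires POST and a session-bound token. The function names, the request and session arrays and the token generation are assumptions for this example, not Discuz!'s own implementation.

```php
<?php
// Added example, not Discuz! code. Request data is passed in as arrays so the
// functions can be exercised without a web server (constructed sample input below).

// Vulnerable pattern: models submitcheck('submit', 1) as described in the report.
// The request may arrive via GET and no form token is verified, so any page the
// admin's browser loads can trigger the action.
function vulnerable_submit_check(array $get, array $post): bool
{
    return isset($get['submit']) || isset($post['submit']);
}

// Hardened pattern: require POST, require a formhash, and compare it in constant
// time against the token bound to the admin's session. A cross-site page cannot
// read that token, so a forged request fails here.
function hardened_submit_check(array $post, array $session, string $method): bool
{
    if ($method !== 'POST') {
        return false;
    }
    if (!isset($post['submit'], $post['formhash'], $session['formhash'])) {
        return false;
    }
    if ($session['formhash'] === '') {
        return false;
    }
    return hash_equals($session['formhash'], (string) $post['formhash']);
}

// Issue a per-session token that the admin form embeds as a hidden field
// (assumed token scheme for this example; Discuz! derives formhash differently).
function issue_formhash(array &$session): string
{
    if (empty($session['formhash'])) {
        $session['formhash'] = bin2hex(random_bytes(16));
    }
    return $session['formhash'];
}

// --- Constructed sample requests ---------------------------------------------
$session = [];
$token = issue_formhash($session);

// The cross-site request: the admin's browser fetching the [img] URL from a post.
$crossSiteGet = [
    'frame' => 'no', 'action' => 'members', 'operation' => 'clean',
    'submit' => '1', 'uidarray' => '1', 'confirmed' => 'yes',
];
// The vulnerable check accepts it; the hardened check rejects it (wrong method, no token).
var_dump(vulnerable_submit_check($crossSiteGet, []));
var_dump(hardened_submit_check($crossSiteGet, $session, 'GET'));

// A legitimate submission of the admin's own form carries the session token.
$legitPost = ['submit' => '1', 'uidarray' => '1', 'confirmed' => 'yes', 'formhash' => $token];
var_dump(hardened_submit_check($legitPost, $session, 'POST'));

// A forged POST (e.g. an auto-submitting form on another site) has no way to
// include the correct token and is rejected.
$forgedPost = ['submit' => '1', 'uidarray' => '1', 'confirmed' => 'yes'];
var_dump(hardened_submit_check($forgedPost, $session, 'POST'));
```

The two points a defender should take from the example: the second argument of the page's submitcheck call is what lets the request arrive over GET (and hence from an [img] tag), and a token check only helps if the token is bound to the session and compared on every state-changing request, regardless of how the request arrived.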
