Yusei
First, access the file management page, then click "new file" to upload the file and select the HTML file format. http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php payload: ```alert(document.cookie)``` When we input the file content as payload, we...
First of all, I did not enter the password to access and found it was blocked. http://192.168.187.2/cms/ But I can still access the file management page. http://192.168.187.2/assets/vendor/responsive_filemanager_9.12.1/filemanager/dialog.php The normal logical...
http://192.168.18.130/cms/password/ I can change the admin's password when the admin clicks the CSRF HTML file. payload: ``` history.pushState('', '', '/') ```
http://192.168.2.129/simple/admin/?delpage=8 I can delete any page when I send the URL to the administrator. I can also use short domain names to encode the URL.
http://192.168.2.129/simple/admin/ I can add a page when the admin clicks the HTML file. payload: ``` history.pushState('', '', '/') ```
http://192.168.2.129/simple/admin/login.php This URL is used to log in as admin. But I can access addpage.php without logging in as admin, and I can also add a page. http://192.168.2.129/simple/admin/addpage.php