MiniCMS

I found another vulnerability: CSRF to delete pages in mc-admin/page.php

Open testRemake opened this issue 6 years ago • 0 comments

Use a CSRF vulnerability to delete multiple pages.

It was found in mc-admin/page.php. This vulnerability is similar to CVE-2019-9603 but in a different place.

If the admin creates new pages like ccc, aaa or more:


Vulnerability details: When the administrator logs in, opening the webpage will automatically delete the specified page.

Vulnerability url: http://127.0.0.1/MiniCMS/mc-admin/page.php

Vulnerability POC:

Delete one:

Delete more:

Just like this:


testRemake, Jul 23 '19 16:07
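
The usual mitigation for the CSRF class reported above is to accept a page deletion only when the request carries a per-session token. The PHP below is an added example, not MiniCMS code and not part of the issue; the function names, the `ids` and `csrf` field names, the id pattern and the `$delete` callback are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical delete handler, not MiniCMS's own code.

// Issue one random token per session; embed it as a hidden field in admin forms.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// A state-changing request is accepted only as POST with a matching token.
function csrf_ok(string $method, array $post, array $session): bool
{
    return $method === 'POST'
        && isset($post['csrf'], $session['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']); // constant-time compare
}

// Covers single and bulk delete. $delete stands in for the CMS's page removal.
function handle_delete(string $method, array $post, array $session, callable $delete): int
{
    if (!csrf_ok($method, $post, $session)) {
        return 403; // cross-site or token-less request: nothing is deleted
    }
    foreach ((array)($post['ids'] ?? []) as $id) {
        // Assumed id format; reject anything that is not a short alphanumeric id.
        if (is_string($id) && preg_match('/^[a-z0-9]{1,32}$/', $id) === 1) {
            $delete($id);
        }
    }
    return 200;
}

// Constructed demo: a request without the token, then the legitimate form post.
$session = [];
$token   = csrf_token($session);
$deleted = [];
$del     = function (string $id) use (&$deleted): void { $deleted[] = $id; };

$noToken = handle_delete('POST', ['ids' => ['aaa', 'ccc']], $session, $del);
$legit   = handle_delete('POST', ['ids' => ['aaa', 'ccc'], 'csrf' => $token], $session, $del);
printf("no-token=%d legit=%d deleted=%s\n", $noToken, $legit, implode(',', $deleted));
```

In a real handler `$session` would be `$_SESSION` and `$post` would be `$_POST`; setting the session cookie with `SameSite=Lax` or `Strict` adds a second layer but does not replace the token check.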