
Bug: CsCMS V4.1 CSRF

Open GodEpic opened this issue 7 years ago • 0 comments

Hi, I would like to report a CSRF vulnerability in CsCMS V4.1. There is a CSRF vulnerability that can change the payment account to steal property.

POC:

1. Log in to the administrator panel.
2. Open the URL below in a browser which supports Flash.

url: http://www.cscms.com/admin.php/pay

e.g.:

1. Before modification: csrf1

2. CSRF POC: csrfpoc.txt

3. After modification: csrf2

GodEpic, Mar 06 '19 09:03