cmseasy_csrf_addarticle and effect of DoS

There is two CSRF vulnerability that can add the Tag account

After the administrator logged in,open the following one page.

POC:

http://www.8sec.cc/cmseasy_addarticle.txt

The rich text editor can use the iframe tag to embed an out-of-chain page. You can use this feature to complete operations such as worms or black hat SEO.A rich text editor can be used to embed an iframe and a remotely connected poc page is automatically refreshed for 0.1 seconds, causing a server DoS attack. You can resume access only by closing the page and restarting apache/nginx.Poc has been written automatically refresh and auto-commit, set mate time, you can see the effect of DoS

For example:

1

Related Posts

Comments

发表评论

电子邮件地址不会被公开。 必填项已用*标注

This site uses Akismet to reduce spam. Learn how your comment data is processed.