cmseasy_csrf_addarticle and effect of DoS

There is two CSRF vulnerability that can add the Tag account

After the administrator logged in,open the following one page.


The rich text editor can use the iframe tag to embed an out-of-chain page. You can use this feature to complete operations such as worms or black hat SEO.A rich text editor can be used to embed an iframe and a remotely connected poc page is automatically refreshed for 0.1 seconds, causing a server DoS attack. You can resume access only by closing the page and restarting apache/nginx.Poc has been written automatically refresh and auto-commit, set mate time, you can see the effect of DoS

For example:


Related Posts



电子邮件地址不会被公开。 必填项已用*标注