Download the latest source code and install it in PHPStudy.
Log in to the administrator backend, go to the page shown below, enter the information, use Burp to capture the request, and click Modify.
The request is as follows. Use Burp Professional Edition to create a CSRF PoC, and remember to delete the token field from the request.
Copy the link generated by Burp Professional Edition into Firefox; the administrator information, including the password, is modified successfully.
Repair suggestion: A fix was evidently applied here before, but it is incomplete. If the token is absent from the request, its validity is never checked.
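
The validation gap named in the repair suggestion, shown next to a strict check. This is an added example, not the project's own code: the function names, the `token` field name and the session layout are assumptions, and the sample requests are constructed.

```php
<?php
// Added illustration; names are assumptions, not taken from the application.

// Flawed pattern: the token is compared only when the request carries one,
// so a request with the field removed is accepted.
function csrf_check_flawed(array $post, array $session): bool
{
    if (isset($post['token'])) {
        return $post['token'] === ($session['token'] ?? null);
    }
    return true; // missing token: validation silently skipped
}

// Strict check: a missing, empty or non-string token is a failure,
// and the comparison is constant-time.
function csrf_check_strict(array $post, array $session): bool
{
    $expected = $session['token'] ?? '';
    $supplied = $post['token'] ?? '';
    if (!is_string($expected) || $expected === ''
        || !is_string($supplied) || $supplied === '') {
        return false;
    }
    return hash_equals($expected, $supplied);
}

// Constructed sample data (not captured from the application).
$session = ['token' => bin2hex(random_bytes(16))];
$cases = [
    'valid token'    => ['password' => 'x', 'token' => $session['token']],
    'wrong token'    => ['password' => 'x', 'token' => 'deadbeef'],
    'token removed'  => ['password' => 'x'],
    'token as array' => ['password' => 'x', 'token' => []],
];

// Print how each check treats each request.
foreach ($cases as $name => $post) {
    printf(
        "%-15s flawed=%s strict=%s\n",
        $name,
        var_export(csrf_check_flawed($post, $session), true),
        var_export(csrf_check_strict($post, $session), true)
    );
}
```

Only the "token removed" case differs between the two checks: the flawed version accepts it, the strict version rejects it.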