Open ghost opened 7 years ago
/admin/setting.php
```php
if ($_SESSION['alogin']) {
    if (isset($_GET['set']) && $_GET['set'] == 'set') {
        $db->update('setting', array('value' => $_POST['sitename']), array('name' => 'sitename'));
        $db->ExecuteSQL(sprintf("UPDATE `setting` SET `value` = '%s' WHERE `setting`.`name` = 'sitetitle';", $db->databaseLink->real_escape_string($_POST['sitetitle'])));
        $db->update('setting', array('value' => $_POST['size']), array('name' => 'size'));
        $db->update('setting', array('value' => $_POST['url']), array('name' => 'url'));
        $db->update('setting', array('value' => $_POST['total']), array('name' => 'total'));
        $db->update('setting', array('value' => $_POST['admin']), array('name' => 'admin'));
        $db->update('setting', array('value' => $_POST['subtitle']), array('name' => 'subtitle'));
        ...
```
There you see, no CSRF token, which could lead to system setting modification once the admin visits a malicious web page.
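The usual fix for the issue reported above is a per-session anti-CSRF token that the settings form must echo back before any update runs. The snippet below is an added example written for this issue, not code from the project; it assumes the session is started here, that `$_SESSION['alogin']` is the admin login flag the page shows, and it uses a hypothetical `csrf_token`/`csrf_check` pair with the hidden field name `csrf_token`. The `$db->update(...)` calls from the report are left as a comment, since only the check in front of them is the point.

```php
<?php
// Added example (not the project's code): anti-CSRF protection for the admin settings form.
// Assumption: the session is started here and $_SESSION['alogin'] marks an authenticated admin.

// Defence in depth: a SameSite session cookie (PHP 7.3+) so cross-site POSTs do not carry it.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue a per-session token, creating it with a CSPRNG on first use (hypothetical helper).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Verify the token sent with a state-changing request (hypothetical helper).
// Requires POST so a plain cross-site GET cannot trigger the update, and compares with
// hash_equals to avoid a timing side channel on the token comparison.
function csrf_check(): bool
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;
    }
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($sent) && hash_equals($expected, $sent);
}

// Render the settings form with the token embedded as a hidden field.
function render_form(): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="setting.php?set=set">'
        . '<input type="hidden" name="csrf_token" value="' . $token . '">'
        . '<input type="text" name="sitename">'
        . '<button type="submit">Save</button>'
        . '</form>';
}

if (!empty($_SESSION['alogin'])) {
    if (isset($_GET['set']) && $_GET['set'] === 'set') {
        if (!csrf_check()) {
            // Reject before touching the database; a missing or stale token is not an admin action.
            http_response_code(403);
            exit('Invalid or missing CSRF token');
        }
        // Only now apply the updates the report shows, e.g.
        // $db->update('setting', array('value' => $_POST['sitename']), array('name' => 'sitename'));
    }
    echo render_form();
}
```

The token is tied to the session and never readable cross-origin, so a page the admin visits elsewhere cannot supply it; the method check and the SameSite cookie are independent layers in case the token handling is bypassed by a later refactor.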