Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

1 matches found

seebug.org
seebug.orgadded 2014/03/16 12:0 a.m.19 views

Discuz! X2.5 / X3 / X3.1中CSRF攻击防御可被绕过

简要描述: 写插件的时候偶然发现的...可绕过Discuz自带的CSRF攻击 详细说明: discuz在判断表单时用这个函数: submitcheck'submit', true 其中第二个参数本来应该是是否允许GET请求的选项。 在X2.5 / X3 / X3.1中,第二个参数为true时竟然不判断formhash直接return true了…… 使用批量搜索工具搜索discuz源代码里的submitcheck, ……然后发现官方也用了这种写法,尿了尿了 另外表示X2和之前的都没看过,不确定是否有问题。 我本地的X2.5 X3 X3.1这个文件基本都一样…… 漏洞证明:...

7.1AI score
Exploits0
Rows per page
Query Builder