CVE-2022-43323: EyouCMS v1.5.9 has a vulnerability, Cross-site request forgery (CSRF) · Issue #28 · weng-xianhu/eyoucms
EyouCMS V1.5.9-UTF8-SP1 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Top Up Balance component under the Edit Member module.
EyouCMS v1.5.9 has a Cross-site request forgery (CSRF) vulnerability. It is located in the backend, under member center, editing, Top up balance. To exploit this vulnerability, a specially prepared HTML file needs to be opened.
1. Go to the backend --> member center --> edit member --> Top up balance
2. Capture the recharge request and construct a page from it
3. Open the backend page in another browser and see that the balance of user test01 is 1000
4. Click on the constructed page
The figure above shows the page that the browser automatically jumps to after successful execution. Check whether the balance has increased.
The balance has increased by 1000:
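
The report shows the Top Up Balance request being accepted without any proof that it came from the backend's own form. The following is an added example of the server-side check that closes this gap, not code from EyouCMS or from the issue; the function names, the action label, the form fields and the `cms.example` origin are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: EyouCMS's real controllers and field names are not on the page.

/** Derive a per-session, per-action token that the admin form embeds as a hidden field. */
function csrf_issue(string $sessionSecret, string $action): string
{
    return hash_hmac('sha256', $action, $sessionSecret);
}

/** Accept a state-changing request only if it is a same-origin POST carrying a valid token. */
function csrf_check(array $server, array $post, string $sessionSecret,
                    string $action, string $siteOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;                       // balance changes must never be reachable via GET
    }
    // Browsers attach Origin to cross-site POSTs; fall back to Referer when it is absent.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $p = parse_url($source);
    if (!is_array($p) || !isset($p['scheme'], $p['host'])) {
        return false;                       // no usable source header: reject
    }
    $origin = $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
    if (!hash_equals($siteOrigin, $origin)) {
        return false;                       // request was submitted from another site
    }
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && hash_equals(csrf_issue($sessionSecret, $action), $sent);
}

// --- Constructed sample requests (not captured traffic) ---
$secret = bin2hex(random_bytes(32));        // kept in the admin's server-side session
$site   = 'https://cms.example';
$action = 'member/topup_balance';           // hypothetical action label

$legit = csrf_check(
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $site],
    ['member_id' => '7', 'amount' => '1000', 'csrf_token' => csrf_issue($secret, $action)],
    $secret, $action, $site);

$forged = csrf_check(                       // same fields, sent from a page on another origin
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'],
    ['member_id' => '7', 'amount' => '1000'],
    $secret, $action, $site);

var_dump($legit, $forged);
```

Setting the admin session cookie to `SameSite=Lax` or `Strict` adds a second layer, since the browser then withholds the cookie on cross-site POSTs.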