Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-5776 PoC — MAGMI 跨站请求伪造漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-5776.yaml
Associated Vulnerability
Title:MAGMI 跨站请求伪造漏洞 (CVE-2020-5776)
Description:MAGMI是一款轻量级 UI 组件。 MAGMI中存在跨站请求伪造漏洞,该漏洞源于WEB应用未充分验证请求是否来自可信用户。攻击者可利用该漏洞通过受影响客户端向服务器发送非预期的请求。
Description
MAGMI (Magento Mass Importer) is vulnerable to cross-site request forgery (CSRF) due to a lack of CSRF tokens. Remote code execution (via phpcli command) is also possible in the event that CSRF is leveraged against an existing admin session.
File Snapshot

 id: CVE-2020-5776

info:
  name: MAGMI - Cross-Site Request Forgery
  author: dwisiswant0
  severity

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.