🚨 GitHub monitoring alert
🚨 Keyword matched: #CSRF
📦 Project name: YouCan-Admin-Takeover
👤 Project author: imad457
🛠 Language: None
⭐ Stars: 1 | 🍴 Forks: 0
📅 Last updated: 2026-02-19 12:33:24
📝 Project description:
YouCan.shop CVSS 9.8 SSO Bypass: 52,706 stores vulnerable via token leak in 302 redirect. Store ID → token1 → admin sessionid → full dashboard + Orders/PII access. Zero-auth takeover. PoC chain: curl accounts.youcan.shop/sso?broker→302 leak→admin panel. Fixed: server-side tokens + CSRF. (Dec 25, 2025)