# Exploit Title : miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
# Author : Besim
# Google Dork :
# Date : 09/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.spyka.net/scripts/php/miniblog
# Software link : http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip

Description (admin login required) :

miniblog version 1.0.1 is vulnerable to CSRF attacks that add, delete and edit articles in the sections.

Vulnerable page : http://localhost:8081/miniblog/adm/admin.php?mode=add

Dangerous point : if combined with XSS, the admin's cookie information can be stolen.

############### CSRF PoC ###############
########################################
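
A server-side mitigation for the missing request verification described above, as an added example that is not part of the original advisory and is not miniblog's code: a per-session token checked on every POST, plus HttpOnly and SameSite session-cookie flags against the cookie-theft scenario. The function names, the `csrf_token` field name and the assumption that add, edit and delete are submitted by POST are all hypothetical.

```php
<?php
// Added example, not miniblog's code; all function names are hypothetical.
declare(strict_types=1);

// Harden the session cookie before the session starts (array form needs PHP 7.3+).
function start_admin_session(): void
{
    session_set_cookie_params([
        'httponly' => true,      // script injected through XSS cannot read the cookie
        'samesite' => 'Strict',  // browser withholds the cookie on cross-site requests
    ]);
    session_start();
}

// Return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every add, edit and delete form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only when the submitted token equals the one stored in the session.
function csrf_token_matches(array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';   // may be an array if sent as csrf_token[]
    return is_string($expected) && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied); // constant-time comparison
}

// At the top of the admin handler. Assumption: every state change arrives by
// POST; an action reachable by GET must be moved to POST to be covered.
start_admin_session();
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST'
    && !csrf_token_matches($_POST, $_SESSION)) {
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

A forged cross-site form cannot read the admin's session token, so its POST to `admin.php?mode=add` is rejected with 403 before any article is written.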