CVE-2009-4907

oBlog - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4907.

AI-analyzed exploit summary: This is a detailed technical analysis of multiple vulnerabilities in oBlog, including persistent XSS, CSRF, and admin bruteforce. It provides code snippets, vulnerable functions, and proof-of-concept payloads.

Description

Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog.

Exploits (1)

exploitdb WRITEUP
webapps / php
https://www.exploit-db.com/exploits/10379

Classification
Writeup 100%
Attack Type
XSS
Complexity
Trivial
Reliability
Reliable
Target: oBlog (version not specified)
No auth needed
Prerequisites: Access to the vulnerable oBlog application
MITRE ATT&CK
Analyzed by devstral-2, Feb 19, 2026

References (4)

Core References (4)
Vendor Advisory (third-party-advisory, x_refsource_secunia)
http://secunia.com/advisories/37661
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54714
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb)
http://osvdb.org/60907

Scores

EPSS 0.0097
EPSS Percentile 57.4%

Details

CWE
CWE-352
Status published
Products (1)
dootzky/oblog
Published Jun 25, 2010
Tracked Since Feb 18, 2026