Exploitation Summary
EIP tracks 1 public exploit for CVE-2010-3026. PoCs published by High-Tech Bridge SA.
AI-analyzed exploit summary
This is a functional CSRF exploit for Open Blog 1.2.1, demonstrating how an attacker can forge a request to elevate a user's privileges to administrator via a crafted HTML form with auto-submission.
Description
Cross-site request forgery (CSRF) vulnerability in application/modules/admin/controllers/users.php in Tomaz Muraus Open Blog 1.2.1, and possibly earlier, allows remote attackers to hijack the authentication of administrators for requests to admin/users/edit that grant administrative privileges.