This is a functional CSRF (Cross-Site Request Forgery) exploit for KubeBlog that allows an attacker to add a new user with administrative privileges by tricking an authenticated user into submitting a crafted form. The exploit demonstrates the vulnerability by providing a pre-filled HTML form that submits to the vulnerable endpoint.
Classification:
Working PoC 95%
Target:
KubeBlog (version not specified, likely pre-2010)
Auth required
Prerequisites:
Victim must be authenticated as an administrator · Victim must be tricked into submitting the form