My-Blog

No CSRF protection for any request

Open NinjaGPT opened this issue 5 months ago • 0 comments

Summary

The application has no CSRF protection, allowing attackers to leverage CSRF to launch various attacks against admin users. Particularly when combined with XSS vulnerabilities, this would enable attackers to target both frontend users and admin users.

POC

[Image] [Image]

NinjaGPT, Jul 26 '25 07:07