Emlog Cross-Site Request Forgery Vulnerability in Article Creation Leading to Account Takeover

A cross-site request forgery (CSRF) vulnerability has been identified in Emlog version 2.5.23, specifically within the article creation feature. This vulnerability allows an attacker to coerce a user into posting an article containing arbitrary, attacker-controlled content. When this malicious content is combined with stored cross-site scripting, it can result in account takeover. The vulnerability arises because certain functions do not utilize CSRF tokens, and the application lacks proper input sanitization, leaving it open to XSS attacks.

Impact

Exploitation of this vulnerability could lead to unauthorized article postings and, when combined with the stored XSS vulnerability, allow for account takeover of the affected user.

Reproduction

To reproduce this vulnerability, a proof-of-concept (PoC) can be created and hosted on any server. The PoC should be sent to a victim user, including an admin. When the victim accesses the crafted request, it will automatically submit an article with the specified title and content, which includes an image tag designed to steal cookies and send them to the attacker's server. After the article is posted, the attacker can access the stolen cookies and potentially hijack the victim's account.