YOURLS 1.8.2 – Cross-Site Request Forgery (CSRF)


# Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
# Date: 2025-11-25
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/yourls/yourls/
# Software Link: https://github.com/yourls/yourls/
# Version: 1.8.2 
# Tested on: Windows
# CVE : CVE-2022-0088


Proof Of Concept

CSRF PoC

This HTML page, when visited by an authenticated user of the vulnerable application, will automatically submit a request to log the user out without their consent, demonstrating the CSRF vulnerability.


Steps to Reproduce
Save the following code as poc.html.
Log in to YOURLS, then open the file in the same browser.
Observe the result.
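
The forged logout described above works when the handler acts on any request that arrives with the session cookie. The following is an added example, not code from YOURLS or from the original advisory, showing a logout handler that also requires a token bound to the session and the action. The helper names, the `nonce` parameter and the `csrf_key` session field are hypothetical.

```php
<?php
declare(strict_types=1);
// Added illustration: hypothetical helpers, not functions from YOURLS.

// Derive a token bound to one session, one action and a 1-hour time window.
function action_token(string $sessionKey, string $action, ?int $now = null): string
{
    $window = intdiv($now ?? time(), 3600);
    return hash_hmac('sha256', $action . '|' . $window, $sessionKey);
}

// Accept the current or previous window so a token does not expire mid-click.
function token_is_valid(string $sessionKey, string $action, string $token, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([$now, $now - 3600] as $t) {
        // hash_equals compares in constant time (known value first).
        if (hash_equals(action_token($sessionKey, $action, $t), $token)) {
            return true;
        }
    }
    return false;
}

// Logout handler. The vulnerable pattern ends the session on any request
// that carries the cookie; this version refuses unless the token matches.
function handle_logout(array $session, array $params): array
{
    $token = $params['nonce'] ?? '';
    if (!is_string($token) || !token_is_valid($session['csrf_key'], 'logout', $token)) {
        return ['status' => 403, 'logged_out' => false];
    }
    return ['status' => 302, 'logged_out' => true];
}

// Constructed sample data: a per-session secret created at login.
$session = ['user' => 'admin', 'csrf_key' => bin2hex(random_bytes(32))];

// Cross-site request: the browser attaches the cookie, but the other
// origin cannot read the token, so the parameter is absent.
$forged = handle_logout($session, ['action' => 'logout']);

// Link rendered by the application itself, which embeds the token.
$legit = handle_logout($session, [
    'action' => 'logout',
    'nonce'  => action_token($session['csrf_key'], 'logout'),
]);

printf("forged: %d, legitimate: %d\n", $forged['status'], $legit['status']);
```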
            


