YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
AI Analysis
Technical Summary
YOURLS (Your Own URL Shortener) version 1.8.2 contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2022-0088. CSRF vulnerabilities occur when a web application does not properly verify that requests modifying state originate from legitimate users, allowing attackers to trick authenticated users into submitting unintended requests. In this case, the vulnerability allows an attacker to force an authenticated YOURLS user to perform actions such as logging out by submitting a crafted HTTP GET request to the admin interface. The provided proof-of-concept exploit is a simple HTML page containing a form that automatically submits a logout request to the YOURLS admin endpoint. When an authenticated user visits this malicious page, the logout action is executed without their consent. Although the demonstrated impact is limited to session termination, the presence of a CSRF vulnerability indicates a lack of anti-CSRF tokens or other protections on state-changing endpoints, which could be exploited for more severe actions if additional endpoints are vulnerable. The exploit was tested on Windows environments, but the vulnerability is platform-agnostic as it targets the web application layer. No official patch or mitigation guidance is linked in the provided information, and no active exploitation in the wild has been reported. YOURLS is an open-source URL shortening service used by various organizations to manage short links, often integrated into marketing, internal communications, or public-facing services.
Potential Impact
For European organizations using YOURLS 1.8.2, this CSRF vulnerability poses a risk primarily to the integrity and availability of user sessions. Forced logout can disrupt administrative workflows and cause denial of service to legitimate users. While the immediate impact is limited, the underlying CSRF weakness could allow attackers to perform more damaging actions if other administrative functions lack CSRF protections. This could lead to unauthorized changes to URL mappings, deletion of data, or other administrative disruptions. Organizations relying on YOURLS for critical URL management may experience operational interruptions and potential reputational damage if attackers exploit this vulnerability. Additionally, forced logouts could be used as part of a broader attack chain to facilitate phishing or session hijacking. The vulnerability requires the victim to be authenticated and visit a malicious webpage, so the attack surface is limited to users with active sessions. However, given the widespread use of YOURLS in various sectors, including marketing and IT operations, the risk is non-negligible. European entities with public-facing YOURLS instances or internal deployments accessible via browsers should prioritize mitigation to avoid service disruptions and potential escalation.
Mitigation Recommendations
1. Upgrade YOURLS to a version that includes proper CSRF protections if available; monitor the official YOURLS GitHub repository and security advisories for patches addressing CVE-2022-0088. 2. Implement web application firewall (WAF) rules to detect and block suspicious requests to the admin interface, especially those lacking valid CSRF tokens or originating from untrusted referrers. 3. Enforce strict session management policies, including short session timeouts and re-authentication for sensitive actions, to reduce the window of opportunity for CSRF attacks. 4. Educate users and administrators about the risks of visiting untrusted websites while authenticated to YOURLS and encourage the use of separate browsers or profiles for administrative tasks. 5. If upgrading is not immediately possible, consider adding custom CSRF tokens to YOURLS forms and validating them server-side, or deploying reverse proxies that inject CSRF protections. 6. Restrict access to the YOURLS admin interface by IP whitelisting or VPN access to reduce exposure. 7. Regularly audit YOURLS configurations and logs for unusual activity that may indicate exploitation attempts. 8. Encourage the use of Content Security Policy (CSP) headers to limit the execution of unauthorized scripts and reduce the risk of CSRF via malicious third-party content.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
Indicators of Compromise
- exploit-code: # Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/yourls/yourls/ # Software Link: https://github.com/yourls/yourls/ # Version: 1.8.2 # Tested on: Windows # CVE : CVE-2022-0088 Proof Of Concept <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>CSRF PoC</title> </head> <body> <h1>CSRF Proof of Concept</h1> <form action="http://yourls/admin/index.php" method="GET"> <input type="hidden" name="action" value="logout"> <input type="submit" value="Submit CSRF Request"> </form> <script> document.forms[0].submit(); </script> </body> </html> This HTML page, when visited by an authenticated user of the vulnerable application, will automatically submit a request to log the user out without their consent, demonstrating the CSRF vulnerability. Steps to Reproduce Save the following code as poc.html. Log in yourls, and open the file in the same browser. Observe the result.
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
Description
YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
AI-Powered Analysis
Technical Analysis
YOURLS (Your Own URL Shortener) version 1.8.2 contains a Cross-Site Request Forgery (CSRF) vulnerability identified as CVE-2022-0088. CSRF vulnerabilities occur when a web application does not properly verify that requests modifying state originate from legitimate users, allowing attackers to trick authenticated users into submitting unintended requests. In this case, the vulnerability allows an attacker to force an authenticated YOURLS user to perform actions such as logging out by submitting a crafted HTTP GET request to the admin interface. The provided proof-of-concept exploit is a simple HTML page containing a form that automatically submits a logout request to the YOURLS admin endpoint. When an authenticated user visits this malicious page, the logout action is executed without their consent. Although the demonstrated impact is limited to session termination, the presence of a CSRF vulnerability indicates a lack of anti-CSRF tokens or other protections on state-changing endpoints, which could be exploited for more severe actions if additional endpoints are vulnerable. The exploit was tested on Windows environments, but the vulnerability is platform-agnostic as it targets the web application layer. No official patch or mitigation guidance is linked in the provided information, and no active exploitation in the wild has been reported. YOURLS is an open-source URL shortening service used by various organizations to manage short links, often integrated into marketing, internal communications, or public-facing services.
Potential Impact
For European organizations using YOURLS 1.8.2, this CSRF vulnerability poses a risk primarily to the integrity and availability of user sessions. Forced logout can disrupt administrative workflows and cause denial of service to legitimate users. While the immediate impact is limited, the underlying CSRF weakness could allow attackers to perform more damaging actions if other administrative functions lack CSRF protections. This could lead to unauthorized changes to URL mappings, deletion of data, or other administrative disruptions. Organizations relying on YOURLS for critical URL management may experience operational interruptions and potential reputational damage if attackers exploit this vulnerability. Additionally, forced logouts could be used as part of a broader attack chain to facilitate phishing or session hijacking. The vulnerability requires the victim to be authenticated and visit a malicious webpage, so the attack surface is limited to users with active sessions. However, given the widespread use of YOURLS in various sectors, including marketing and IT operations, the risk is non-negligible. European entities with public-facing YOURLS instances or internal deployments accessible via browsers should prioritize mitigation to avoid service disruptions and potential escalation.
Mitigation Recommendations
1. Upgrade YOURLS to a version that includes proper CSRF protections if available; monitor the official YOURLS GitHub repository and security advisories for patches addressing CVE-2022-0088. 2. Implement web application firewall (WAF) rules to detect and block suspicious requests to the admin interface, especially those lacking valid CSRF tokens or originating from untrusted referrers. 3. Enforce strict session management policies, including short session timeouts and re-authentication for sensitive actions, to reduce the window of opportunity for CSRF attacks. 4. Educate users and administrators about the risks of visiting untrusted websites while authenticated to YOURLS and encourage the use of separate browsers or profiles for administrative tasks. 5. If upgrading is not immediately possible, consider adding custom CSRF tokens to YOURLS forms and validating them server-side, or deploying reverse proxies that inject CSRF protections. 6. Restrict access to the YOURLS admin interface by IP whitelisting or VPN access to reduce exposure. 7. Regularly audit YOURLS configurations and logs for unusual activity that may indicate exploitation attempts. 8. Encourage the use of Content Security Policy (CSP) headers to limit the execution of unauthorized scripts and reduce the risk of CSRF via malicious third-party content.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Edb Id
- 52446
- Has Exploit Code
- true
- Code Language
- text
Indicators of Compromise
Exploit Source Code
Exploit code for YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF)
# Exploit Title: YOURLS 1.8.2 - Cross-Site Request Forgery (CSRF) # Date: 2025-11-25 # Exploit Author: CodeSecLab # Vendor Homepage: https://github.com/yourls/yourls/ # Software Link: https://github.com/yourls/yourls/ # Version: 1.8.2 # Tested on: Windows # CVE : CVE-2022-0088 Proof Of Concept <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0">... (681 more characters)
Threat ID: 692f27653286267b25e73fe7
Added to database: 12/2/2025, 5:52:37 PM
Last enriched: 12/2/2025, 5:52:58 PM
Last updated: 12/5/2025, 5:35:01 AM
Views: 10
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Related Threats
5 Threats That Reshaped Web Security This Year [2025]
MediumRecord 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
MediumMicrosoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
HighAttempts to Bypass CDNs, (Wed, Dec 3rd)
MediumDjango 5.1.13 - SQL Injection
MediumActions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.