what you don't know can hurt you

PHP Melody 1.0 Cross Site Request Forgery

PHP Melody 1.0 Cross Site Request Forgery
Posted Aug 18, 2013
Authored by Mehdi Dadkhah

PHP Melody version 1.0 suffers from a cross site request forgery vulnerability.

tags | exploit, php, csrf
MD5 | 795ba9d144f733364062b589e711ccaa

PHP Melody 1.0 Cross Site Request Forgery

Change Mirror Download
PHP Melody 1.9   CSRF  vulnerabilitie
------------------------------------------------------------

== Description ==
- Software link: http://www.dl.seven7soft.net/script/PHPMELODY1.9.zip
- Affected versions: version 1.9 .other versions might be affected as well.
- Vulnerability discovered by: Mehdi Dadkhah(Isfahan)(Email: mehdidadkhah@live.com)
-Google Dork: intext:"PHP Melody 1.9 powered by PHP Melody."


== Vulnerabilities ==
#CSRF Address :http://site.com/admin/login.php

== Proof of concept ==
- For the CSRF Address ,we have:
#CSRF Address :http://site.com/admin/login.php
Form name: login
Form action: http://site.com/admin/login.php
Form method: POST

Form inputs:
ausername [Text]
apassword [Password]

An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise
end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web
application.
== Solution ==
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2015

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    2 Files
  • 2
    Feb 2nd
    17 Files
  • 3
    Feb 3rd
    15 Files
  • 4
    Feb 4th
    16 Files
  • 5
    Feb 5th
    14 Files
  • 6
    Feb 6th
    4 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2015 Packet Storm. All rights reserved.

close