PHP Melody version 1.0 suffers from a cross site request forgery vulnerability.
795ba9d144f733364062b589e711ccaa
PHP Melody 1.9 CSRF vulnerabilitie
------------------------------------------------------------
== Description ==
- Software link: http://www.dl.seven7soft.net/script/PHPMELODY1.9.zip
- Affected versions: version 1.9 .other versions might be affected as well.
- Vulnerability discovered by: Mehdi Dadkhah(Isfahan)(Email: mehdidadkhah@live.com)
-Google Dork: intext:"PHP Melody 1.9 powered by PHP Melody."
== Vulnerabilities ==
#CSRF Address :http://site.com/admin/login.php
== Proof of concept ==
- For the CSRF Address ,we have:
#CSRF Address :http://site.com/admin/login.php
Form name: login
Form action: http://site.com/admin/login.php
Form method: POST
Form inputs:
ausername [Text]
apassword [Password]
An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise
end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web
application.
== Solution ==
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
Comments
Subscribe to this comment feedNo comments yet, be the first!