PHP Melody 1.9 CSRF vulnerabilitie

Credit: Mehdi Dadkhah
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352

PHP Melody 1.9 CSRF vulnerabilitie ------------------------------------------------------------ == Description == - Software link: - Affected versions: version 1.9 .other versions might be affected as well. - Vulnerability discovered by: Mehdi Dadkhah(Isfahan)(Email: -Google Dork: intext:"PHP Melody 1.9 powered by PHP Melody." == Vulnerabilities == #CSRF Address : == Proof of concept == - For the CSRF Address ,we have: #CSRF Address : Form name: login Form action: Form method: POST Form inputs: ausername [Text] apassword [Password] An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web application. == Solution == Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.


Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018,


Back to Top