PHP Melody version 1.0 suffers from a cross site request forgery vulnerability.
d7d1ed29ca609c86e928ba84a072f2f3dc3487e248c146e6b33e7c09de6f5b0dPHP Melody 1.9 CSRF vulnerabilitie
------------------------------------------------------------
== Description ==
- Software link: http://www.dl.seven7soft.net/script/PHPMELODY1.9.zip
- Affected versions: version 1.9 .other versions might be affected as well.
- Vulnerability discovered by: Mehdi Dadkhah(Isfahan)(Email: mehdidadkhah@live.com)
-Google Dork: intext:"PHP Melody 1.9 powered by PHP Melody."
== Vulnerabilities ==
#CSRF Address :http://site.com/admin/login.php
== Proof of concept ==
- For the CSRF Address ,we have:
#CSRF Address :http://site.com/admin/login.php
Form name: login
Form action: http://site.com/admin/login.php
Form method: POST
Form inputs:
ausername [Text]
apassword [Password]
An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise
end user data and operation in case of normal user. If the targeted end user is the administrator account, this can compromise the entire web
application.
== Solution ==
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed