PHP Melody 1.9 CSRF vulnerability

Vulnerability ID: 1044569
Vulnerability type:
Published: 2013-08-19
Updated: 2013-08-19
Platform: N/A
CVSS score: N/A
PHP Melody 1.9 CSRF vulnerability
== Description ==
- Software link:
- Affected versions: version 1.9. Other versions might be affected as well.
- Vulnerability discovered by: Mehdi Dadkhah(Isfahan)(Email:
- Google Dork: intext:"PHP Melody 1.9 powered by PHP Melody."

== Vulnerabilities ==
#CSRF Address :

== Proof of concept ==
- For the CSRF address, we have:
#CSRF Address :
Form name: login
Form action:
Form method: POST

Form inputs:
ausername [Text]
apassword [Password]

An attacker may force the users of a web application to execute actions of the attacker's choosing. A successful CSRF exploit can compromise end user data and operation in the case of a normal user. If the targeted end user is the administrator account, this can compromise the entire web
== Solution ==
Check if this form requires CSRF protection and implement CSRF countermeasures if necessary.
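
One way to implement such a countermeasure on the login form described above is a synchronizer token checked on every POST. This is an added example, not PHP Melody's own code: the helpers `csrf_token()` and `csrf_check()` and the hidden field `csrf_token` are hypothetical names, while `ausername` and `apassword` are the inputs listed in the advisory.

```php
<?php
// Added example (not PHP Melody code). Requires PHP 7.3+ for the options array.
// SameSite keeps the session cookie off cross-site POSTs in supporting browsers.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Hypothetical helper: return the per-session token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hypothetical helper: true only if the submitted value equals the session token.
function csrf_check($submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    // is_string() rejects array input such as csrf_token[]=x;
    // hash_equals() compares in constant time.
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // Token accepted: make it single-use and issue a fresh session id
    // before the credentials are processed.
    unset($_SESSION['csrf_token']);
    session_regenerate_id(true);
    // Assumption: the application's existing check of $_POST['ausername']
    // and $_POST['apassword'] runs from this point on.
}
?>
<form name="login" method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="ausername">
  <input type="password" name="apassword">
  <input type="submit" value="Log in">
</form>
```

A request that did not originate from a page served in the same session carries no matching token and is rejected with HTTP 403 before any credential handling takes place.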