| Field | Value |
|---|---|
| Title | SourceCodester Note Taking App 1.0 Cross Site Request Forgery |
| Description | A Cross-Site Request Forgery (CSRF) vulnerability was discovered in SourceCodester Note Taking App 1.0. The vulnerability exists in the note deletion functionality located in notes/delete.php. The application processes deletion requests via an HTTP GET request using the id parameter without implementing any CSRF token validation or request origin verification. An unauthenticated remote attacker can craft a malicious HTML page containing a hidden image tag or script that silently sends a deletion request to the vulnerable endpoint. When an authenticated victim visits the attacker-controlled page while logged into the application, the browser automatically includes the session cookie with the forged request, causing the victim's notes to be permanently deleted without their knowledge or consent. The attack requires no privileges and only needs the victim to visit a malicious webpage, making it easily exploitable through phishing or social engineering campaigns. |
| Source | https://gist.github.com/Mohdanass/b7c5984922238397d10644f5f33ec592 |
| User | Anas22335 (UID 96357) |
| Submission | 2026-03-11 07:10 PM (22 days ago) |
| Moderation | 2026-03-27 09:53 AM (16 days later) |
| Status | Accepted |
| VulDB Entry | 353858 [SourceCodester Note Taking App up to 1.0 Cross Site Request Forgery] |
| Points | 20 |
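A hardened shape for the deletion endpoint described above, added here as an illustrative example and not the application's own code: the state change is accepted only over POST with a per-session CSRF token checked in constant time, and the session cookie is marked SameSite as defence in depth. The session variable names, the `notes` table columns and the `$pdo` connection are assumptions.

```php
<?php
// Illustrative hardened delete handler (added example, not the app's code).
// Assumes a session-based login storing user_id, and a notes table with
// id and user_id columns (hypothetical names).

// Defence in depth: a SameSite session cookie is not sent on cross-site
// top-level navigations or embedded <img>/<script> loads.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Issue one token per session; the delete form embeds it as a hidden field:
// <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so the token cannot be recovered byte by byte.
function csrf_valid(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// 1. Reject the GET path entirely: a link or image tag can no longer delete.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: POST');
    exit;
}
// 2. Require a valid token bound to this session.
if (!csrf_valid($_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid CSRF token');
}
// 3. Require an authenticated user.
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    exit;
}
// 4. Validate the id and scope the delete to the caller's own notes.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit;
}
$stmt = $pdo->prepare('DELETE FROM notes WHERE id = :id AND user_id = :uid');
$stmt->execute([':id' => $id, ':uid' => $_SESSION['user_id']]);
header('Location: index.php');
```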