CVE-2017-5244 is a CSRF vulnerability in Metasploit Express, Community, and Pro editions (versions < 4.14.0) that allows attackers to stop all running tasks by tricking authenticated users into loading a malicious page, due to improper validation of anti-CSRF tokens and the use of GET requests for state-changing operations. The vulnerability was patched by enforcing POST-only requests with CSRF token validation.
csrf
cross-site-request-forgery
metasploit
web-application
cve-2017-5244
anti-csrf-bypass
get-request-misuse
proof-of-concept
vulnerability-disclosure
CVE-2017-5244
Metasploit
Rapid7
Mohamed A. Baset
Seekurity
Samuel Huckins