CVE-2017-5244 is a CSRF vulnerability in Metasploit commercial editions (Express, Community, Pro <4.14.0) where GET requests to stop/stop_all task routes were not properly validated, allowing attackers to kill all running Metasploit tasks via malicious JavaScript injection. The vulnerability exploited missing CSRF token validation and improper HTTP method enforcement.
csrf
cross-site-request-forgery
metasploit
web-security
anti-csrf-bypass
improper-token-validation
cwe-352
poc
vulnerability-disclosure
CVE-2017-5244
Metasploit Project
Rapid7
Mohamed A. Baset
Seekurity
Samuel Huckins