<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

From: <nbbn_at_gmx.net>
Date: Sun, 27 Jan 2008 00:23:28 +0100

#############################################################################
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN. Founded: 25 December 2007
#############################################################################

Examples:
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmid]
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1

Fix:

Wait for a fix. Or never surf in other sites, if you have autologin on and
don't click links, when you are logged in.

Vulnerability Versions:

I tested it only on 3.0.1 but I think that all version of 3 are vuln.
Received on Jan 28 2008

This message: [ Message body ]
Next message: Core Security Technologies Advisories: "CORE-2007-1219: Firebird Remote Memory Corruption"
Previous message: milad_sa2007_at_yahoo.com: "ASPired2Protect bypass"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]