Vuln Dev
Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day Mar 02 2007 07:41PM
MC Iglo (mc iglo googlemail com)
On my WBB 2.3.3 (and I think this is the default setting) you cannot
access register.php when logged in (even as admin). So you need to be
logged off to open the evil site. And when you are logged off, the
cookie is simply useless.

Also, on my forum, only r_dateformat and r_timeformat are affected...

Copyright 2010, SecurityFocus