Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: bx1597.htm

Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability



Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability



########################################################
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability                    
by NBBN 
Founed: December 2007       Type: Cross-Site Request Forgery
########################################################


Code:




action="http://localhost/xampp/wbb2/modcp.php" method="post" name="it"> An attacker can send a link to a site with this code to a moderator/administrator and then the thread with the threadid are going to be deleted, when the mod/admin is logged in. (Sorry for my bad english ;-) )


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH