WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

From: nbbn@xxxxxxx
Date: Sun, 27 Jan 2008 00:23:28 +0100

#############################################################################
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN. Founded: 25 December 2007
#############################################################################

Examples:
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmid]
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1

Fix:

Wait for a fix. Or never surf in other sites, if you have autologin on and
don't click links, when you are logged in.

Vulnerability Versions:

I tested it only on 3.0.1 but I think that all version of 3 are vuln.

Prev by Date: ASPired2Protect bypass
Next by Date: CORE-2007-1219: Firebird Remote Memory Corruption
Previous by thread: ASPired2Protect bypass
Next by thread: CORE-2007-1219: Firebird Remote Memory Corruption
Index(es):
- Date
- Thread

Relevant Pages

Re: ppp problems
... >> cannot do dns lookups, surf, ping anything else. ... how can I fix it? ...
(Debian-User)
Re: Wvdial cant surf the web
... > wont let me surf the internet. ... What do i need do to fix the problem ... Check /etc/ppp/resolv.conf is created with adequate nameserver IPs in them. ...
(Debian-User)
Re: Fedora 6: Firefox Browser Clicking Back
... begin to surf, the browser keeps clicking back to the page it started from, ... for no apparent reason. ... Is there a fix for this? ...
(Fedora)
application requested runtime terminate
... support team for more information. ... Any idea how to fix this? ... I can surf the internet ...
(microsoft.public.windows.inetexplorer.ie6.browser)
Re: Wvdial cant surf the web
... >>wont let me surf the internet. ... What do i need do to fix the problem ...
(Debian-User)