Network Security: Detailed info on WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Bugtraq

Subject:	WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability
Date:	Sun, 27 Jan 2008 00:23:28 +0100

Subject:

WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

Date:

Sun, 27 Jan 2008 00:23:28 +0100

############################################################################# WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability by NBBN. Founded: 25 December 2007 ############################################################################# Examples: http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmid] http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1 Fix: Wait for a fix. Or never surf in other sites, if you have autologin on and don't click links, when you are logged in. Vulnerability Versions: I tested it only on 3.0.1 but I think that all version of 3 are vuln.

<Prev in Thread]	Current Thread	[Next in Thread>
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability, nbbn <=

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	ASPired2Protect bypass, milad_sa2007
Next by Date:	[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories
Previous by Thread:	ASPired2Protect bypass, milad_sa2007
Next by Thread:	[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

ASPired2Protect bypass, milad_sa2007

Next by Date:

[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories

Previous by Thread:

ASPired2Protect bypass, milad_sa2007

Next by Thread:

[Full-disclosure] CORE-2007-1219: Firebird Remote Memory Corruption, Core Security Technologies Advisories

Indexes:

[Date] [Thread] [Top] [All Lists]