
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability



########################################################
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability                    
by NBBN 
Found: December 2007       Type: Cross-Site Request Forgery
########################################################


Code:

action="http://localhost/xampp/wbb2/modcp.php" method="post" name="it">

An attacker can send a moderator/administrator a link to a site containing this code; if the mod/admin is logged in, the thread with the given threadid will be deleted. (Sorry for my bad English ;-) )
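
The forged POST described above succeeds because the moderation handler trusts the session cookie alone. The following is an added example, not part of the original advisory and not Burning Board's own code, showing a per-session token check that rejects such a request; the function names, the "csrf_token" field and the host names are hypothetical, and PHP 7 or later is assumed.

```php
<?php
// Added example, not Burning Board code. csrf_issue, csrf_check and the
// "csrf_token" field are hypothetical names. Requires PHP 7+.

// Create one random token per session; the board embeds it as a hidden
// field in every moderation form it renders itself.
function csrf_issue(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST, carries the
// session's token, and (when an Origin header is present) comes from
// the board's own host.
function csrf_check(array $session, array $post, array $server, string $ownHost): bool {
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison; a missing or non-string token is rejected.
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return false;
    }
    if (isset($server['HTTP_ORIGIN'])) {
        $originHost = parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST);
        if (!is_string($originHost) || strcasecmp($originHost, $ownHost) !== 0) {
            return false;
        }
    }
    return true;
}

// Constructed requests: a form rendered by the board versus a form
// auto-submitted from another site while the moderator is logged in.
$session = [];
$token   = csrf_issue($session);
$legit   = ['threadid' => '42', 'csrf_token' => $token];
$forged  = ['threadid' => '42'];   // the foreign page cannot read the token
$srvOwn  = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://forum.example'];
$srvEvil = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://attacker.example'];

var_dump(csrf_check($session, $legit,  $srvOwn,  'forum.example')); // board's own form
var_dump(csrf_check($session, $forged, $srvEvil, 'forum.example')); // no token
var_dump(csrf_check($session, $legit,  $srvEvil, 'forum.example')); // foreign Origin
```

In a real handler the check would run against `$_SESSION`, `$_POST` and `$_SERVER` before the delete is executed, and a failed check would end the request with an error instead of performing the action.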
