WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

2008-01-29T00:00:00
ID SECURITYVULNS:DOC:18965
Type securityvulns
Reporter Securityvulns
Modified 2008-01-29T00:00:00

Description

WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability by NBBN. Founded: 25 December 2007

Examples: http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=[pmid] http://domain.tld/wbb3/index.php?page=PM&action=delete&pmID=1

Fix:

Wait for a fix. Or never surf in other sites, if you have autologin on and don't click links, when you are logged in.

Vulnerability Versions:

I tested it only on 3.0.1 but I think that all version of 3 are vuln.