PHP-fusion v7.02.06 XSRF/CSRF vulnerability

2013-05-25T00:00:00
ID 1337DAY-ID-20806
Type zdt
Reporter Euforia33
Modified 2013-05-25T00:00:00

Description

The PHP-Fusion BBCode system contains an XSRF vulnerability that is exploited through IMG tags. The function that checks a remote image link will output an image as long as it meets the requirements (in this case, being an image). Check image exists => check file extension is valid for images => if !$err => display image, else => do not display image.
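The check described above looks only at what the link points to, not at what requesting it does once the tag is rendered in a viewer's browser. As an added example (not PHP-Fusion code and not part of the original advisory), here is a stricter URL policy for `[img]` tags; the function name `img_url_rejection`, the host `forum.example` and the extension list are assumptions made for illustration.

```php
<?php
// Added example, not PHP-Fusion code: a hypothetical stricter policy for [img] URLs.
// Assumptions: $siteHost is the forum's own host name; the extension list is illustrative.

const IMG_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

/**
 * Returns null when the URL is acceptable for an [img] tag,
 * otherwise a short reason for rejecting it.
 */
function img_url_rejection(string $url, string $siteHost): ?string
{
    $p = parse_url($url);
    if ($p === false || !isset($p['scheme'], $p['host'])) {
        return 'not an absolute URL';
    }
    if (!in_array(strtolower($p['scheme']), ['http', 'https'], true)) {
        return 'scheme not allowed';
    }
    // A query string or fragment is not needed to address a static image.
    if (isset($p['query']) || isset($p['fragment'])) {
        return 'query string or fragment present';
    }
    // Requests to the site itself are sent with the viewer's session cookie.
    if (strcasecmp($p['host'], $siteHost) === 0) {
        return 'points at this site';
    }
    $ext = strtolower(pathinfo($p['path'] ?? '', PATHINFO_EXTENSION));
    if (!in_array($ext, IMG_EXTENSIONS, true)) {
        return 'extension not allowed';
    }
    return null;
}

// Constructed sample input, checked against the hypothetical host forum.example.
$samples = [
    'https://cdn.example/pics/cat.png',
    'https://cdn.example/pics/cat.png?v=2',
    'https://forum.example/images/logo.gif',
    'ftp://cdn.example/cat.png',
    'https://cdn.example/download',
];
foreach ($samples as $url) {
    $why = img_url_rejection($url, 'forum.example');
    printf("%-45s %s\n", $url, $why ?? 'accepted');
}
```

URL filtering of this kind only narrows what a posted image can request. Handlers that change state still need a per-session token and should not act on GET requests.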

This is a private exploit. You can buy it at https://0day.today