Latest MyBB and vBulletin Vulnerable to XSRF - Web Application Security

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Who's Online (0)

Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]

Web Application Security

Latest MyBB and vBulletin Vulnerable to XSRF

Xin October 2010
Posts: 3,251

So ive been doing some pentesting and found that both the newest MyBB and vBulletin are vulnerable to XSRF, through some scripting i have been able to get IP addresses, browsers etc however due to the session_id variables being un guessable i havent been able to do anything dangerous with it.

However i will keep it private as i dont want the attack being performed here. (Unless you are Elite or Staff or whatever) ;)

Xin
dR.sqL March 2011
Posts: 23

:D
Wow Thats so nice.. !
Would you share it after you will fix that vulnerability here in that site ? ! :)
chroniccommand March 2011
Posts: 1,389

Epic dude. Teach me your ways :D
Xin March 2011
Posts: 3,251

said:

Epic dude. Teach me your ways :D

Date:10-30-2010, 05:06 PM

Been patched now :(

Xin
chroniccommand March 2011
Posts: 1,389

said:

said:

Epic dude. Teach me your ways :D

Date:10-30-2010, 05:06 PM

Been patched now :(

Nooooooooooooooo :/

Still, teach me your ways. I would like to get a bit more into web exploitation anyway. I should probably learn PHP after C.

I think you should also make a paper/guide on finding vulns in PHP code.
Xin March 2011
Posts: 3,251

said:

said:

said:

Epic dude. Teach me your ways :D

Date:10-30-2010, 05:06 PM

Been patched now :(

Nooooooooooooooo :/

Still, teach me your ways. I would like to get a bit more into web exploitation anyway. I should probably learn PHP after C.

I think you should also make a paper/guide on finding vulns in PHP code.

Ill get on it now :)

Xin
Sh3llc0d3 March 2011
Posts: 1,910

Good job Xin :)

Add a Comment

Howdy, Stranger!

Top Posters

Who's Online (0)