Latest MyBB and vBulletin Vulnerable to XSRF - Web Application Security

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Who's Online (1)

Phage 3:49AM

Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]

Web Application Security

Latest MyBB and vBulletin Vulnerable to XSRF

Xin October 2010
Posts: 3,251

So ive been doing some pentesting and found that both the newest MyBB and vBulletin are vulnerable to XSRF, through some scripting i have been able to get IP addresses, browsers etc however due to the session_id variables being un guessable i havent been able to do anything dangerous with it.

However i will keep it private as i dont want the attack being performed here. (Unless you are Elite or Staff or whatever) ;)

Xin
dR.sqL March 2011
Posts: 23

:D
Wow Thats so nice.. !
Would you share it after you will fix that vulnerability here in that site ? ! :)
chroniccommand March 2011
Posts: 1,389

Epic dude. Teach me your ways :D
Xin March 2011
Posts: 3,251

said:

Epic dude. Teach me your ways :D

Date:10-30-2010, 05:06 PM

Been patched now :(

Xin
chroniccommand March 2011
Posts: 1,389

said:

said:

Epic dude. Teach me your ways :D

Date:10-30-2010, 05:06 PM

Been patched now :(

Nooooooooooooooo :/

Still, teach me your ways. I would like to get a bit more into web exploitation anyway. I should probably learn PHP after C.

I think you should also make a paper/guide on finding vulns in PHP code.
Xin March 2011
Posts: 3,251

said:

said:

said:

Epic dude. Teach me your ways :D

Date:10-30-2010, 05:06 PM

Been patched now :(

Nooooooooooooooo :/

Still, teach me your ways. I would like to get a bit more into web exploitation anyway. I should probably learn PHP after C.

I think you should also make a paper/guide on finding vulns in PHP code.

Ill get on it now :)

Xin
Sh3llc0d3 March 2011
Posts: 1,910

Good job Xin :)

Add a Comment

Howdy, Stranger!

Top Posters

Who's Online (1)