WoltLab Burning Board 4.0 Tapatalk Open Redirect

Posted on 14 January 2015

The Tapatalk Plugin com.tapatalk.wbb4 for WoltLab Burning Board 4.0 prior to version 1.1.2 allowed to redirect users to arbitrary URLs. This was possible by specifying the target URL in the URL parameter board_url in URLs like the following: http://www.example.com/mobiquo/smartbanner/welcome.php?board_url=https://www.redteam-pentesting.de CVE-2014-8870 was assigned to this issue. -- RedTeam Pentesting GmbH Tel.: +49 241 510081-0 Dennewartstr. 25-27 Fax : +49 241 510081-99 52068 Aachen https://www.redteam-pentesting.de Germany Registergericht: Aachen HRB 14004 GeschÃ¤ftsfÃ¼hrer: Patrick Hof, Jens Liebchen

TOP

Malware :

Drovorub
Backdoor:Linux/IoTReaper
Ransom:Linux/Erebus.A
Backdoor:Linux/Luabot.A
Linux.Lady

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20