I found a csrf vuln on famous board trough a "hacker" can add a admin user with admin privilege on site.
But i have a problem, when i try it (like admin user, click on csrf code) the site respond me: WARNING: yuor broswer don't send the HTTP_referrer header. I don't understand why the site don't accept my POST request, how can i bypass this, or how can i send it?
thnaks in advance, for more info contact me with PM or at xados@hotmail.it

maybe because there is a referrer check ?

---
blog [-] microblog

uhm..it's impossible becouse I 'm logged in with admin account.. se the referrer is normal.. like http://mysite../../admin/..

Could be they require a GET instead of a POST, who knows.

eheh.. i don't know .. :(

Why not to try explicitly send referrer in headers? Don't say it's impossible until you check.