Vanilla Forums 2.0.18.4 – Tagging Persistent Cross-Site Scripting

• Exploit Database
• 23 阅读

• 作者： Henry Hoggard
  日期： 2012-06-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18980/

• # Title: Vanilla Tagging Stored XSS
  # Date: 1/6/12
  # Author: Henry Hoggard
  # Author URL: henryhoggard.co.uk
  # Author Twitter: @henryhoggard
  # Software: Vanilla Version 2.0.18.4
  # http://vanillaforums.org/download
  
  Create a new thread and post your XSS as tag. I used
  <script>alert('xss')</script>
  
  You will have to use a proxy / manipulate the form to bypass the max-length on the form.
  
  Once you have posted the thread, send an administrator or moderator to
  
  http://server/index.php?p=/vanilla/post/editdiscussion/7
  
  Where 7 is the thread ID of the thread you just made. The XSS will then trigger.
  You can even use a URL shortener to send the link.
  
  Note: The URL may be different depending on what category your thread is in.
  
  #############################################################