Vanilla Forums 2.6.3 – Persistent Cross-Site Scripting

• Exploit Database
• 19 阅读

• 作者： Sayak Naskar
  日期： 2020-02-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48042/

• # Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
  # Google Dork: N/A
  # Date: 2020-02-10
  # Exploit Author: Sayak Naskar
  # Vendor Homepage: https://vanillaforums.com/en/
  # Version: 2.6.3
  # Tested on: Windows, Linux
  # CVE : CVE-2020-8825
  
  A Stored xss was found in Vanillaforum 2.6.3 .
  
  index.php?p=/dashboard/settings/branding
  
  # Proof of Concept:
  
  An attacker will insert a payload on branding section. So, whenever an user will open the branding section then attacker automatically get all sensitive information of the user.