Vanilla Forums version 2.0.18.8 suffers from cross site scripting and insecure permission vulnerabilities.
cc1d87f0dc1b0be146646d781abad9170ec4421ef9d3f355fdde9a8d86df9705# Exploit Title: Vanilla Forums Insecure Permissions Vulnerability
# Date: 15/5/13
# Exploit Author: Henry Hoggard
# Author Website: http://henryhoggard.co.uk
# Vendor Homepage: http://vanillaforums.org
# Software Link: http://vanillaforums.org
# Version: 2.0.18.8
# Tested on: Debian
# CVE : none yet
When you make a draft you can view it at a URL like:
/index.php?p=/post/editdiscussion/0/5
However other accounts can view these drafts by just iterating the
number on the end of the url, such as
/index.php?p=/post/editdiscussion/0/1
/index.php?p=/post/editdiscussion/0/2
etc
# Exploit Title: Vanilla Forums 2.0.18.8 & 2.1 XSS
# Date: May 12 2013
# Exploit Author: Henry Hoggard
# Author URL: http://henryhoggard.co.uk
# Vendor Homepage: http://vanillaforums.org
# Software Link: http://vanillaforums.org
# Version: Vanilla 2.0.18.8
# Tested on: Debian
This occurs in the flagging function.
Tutorial
Flag a post with any flag reason.
Flag the exact same post again, this time with your XSS script
<script>alert(1)</script>
The XSS will trigger on the admin dashboard.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed