# Exploit Title: Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF # Google Dork: n/a # Date: 13/4/13 # Exploit Author: Henry Hoggard # Vendor Homepage: [http://vanillaforums.org/ , http://vanillaforums.org/addon/van2shout-plugin] # Software Link: [http://vanillaforums.org/download, http://vanillaforums.org/get/van2shout-plugin-1.051] # Version: [2.0.18.8 , 1.0.51] # Tested on: [Debian] # CVE : ======================= You can exploit these by having the user visit a thread with the img src of the below urls. eg