vendor:
BabbleBoard
by:
SirGod
8.8
CVSS
HIGH
Cookie Grabber Exploit/CSRF
352
CWE
Product Name: BabbleBoard
Affected Version From: 1.1.2006
Affected Version To: 1.1.2006
Patch Exists: Yes
Related CWE: N/A
CPE: a:babbleboard:babbleboard:1.1.6
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
BabbleBoard v1.1.6 Cookie Grabber Exploit/CSRF
This exploit allows an attacker to steal the cookie of any visitor to the BabbleBoard v1.1.6 website. The attacker registers as a user with a malicious script in their username, which redirects visitors to a cookie grabber page. The cookie grabber page then stores the cookie in a log file. Additionally, the attacker can use Cross Site Request Forgery (CSRF) to execute malicious actions such as deleting categories, deleting groups, banning users, and deleting users.
Mitigation:
To mitigate this vulnerability, users should ensure that they are running the latest version of BabbleBoard v1.1.6 and that they have implemented proper security measures such as input validation and authentication.