Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability

2011.01.29
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

============================================== Vanilla Forums 2.0.16 <= Cross Site Scripting Vulnerability ============================================== 1. OVERVIEW The Vanilla Forums 2.0.16 and lower versions were vulnerable to Cross Site Scripting. 2. BACKGROUND Vanilla Forums are open-source, standards-compliant, customizable discussion forums. It is specially made to help small communities grow larger through SEO mojo, totally customizable social tools, and great user experience. Vanilla is also built with integration at the forefront, so it can seamlessly integrate with your existing website, blog, or custom-built application. 3. VULNERABILITY DESCRIPTION The 'Target' parameter was not properly sanitized after user logs in, which allows attacker to conduct Cross Site Scripting attack. An attacker could prepare a link in a forum post that includes a link to a file which seems to require authentication. Upon logging in, user will get XSSed. 4. VERSIONS AFFECTED 2.0.16 and lower 5. PROOF-OF-CONCEPT/EXPLOIT http://vanilla/index.php?p=/entry/signin&Target=javascript:alert(document.cookie)//http:// 6. SOLUTION Upgrade to Vanilla Forums 2.0.17 or higher 7. VENDOR Vanilla Forums Development Team http://vanillaforums.org/ 8. CREDIT This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2010-12-14: notified vendor 2011-01-18: vendor released fix 2011-01-27: vulnerability disclosed 10. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[vanilla_forums-2.0.16]_cross_site_scripting What XSS Can Do: http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) CWE-79: http://cwe.mitre.org/data/definitions/79.html #yehg [2011-01-27] --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd

References:

http://vanillaforums.org/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top