Able to Select Every Poll Option [http://tedwebers-famous-loudspeakers.vanillacommunities.com]
State Resolved (Closed)
Disclosed publicly 2018-08-08T14:37:37.595Z
Reported To
Weakness Privilege Escalation
Bounty $150


Timeline
submitted a report to Vanilla .
2018-03-15T20:48:32.246Z

Summary:

Hello
I would like to report a bug in which I was able to select multiple poll options even when a user is only allowed to select a single option.

Description:
In the New discussion area of the site http://tedwebers-famous-loudspeakers.vanillacommunities.com, there is an option to create a new poll. When I tried to create a poll with four options, using a proxy I was able to replay four requests with four different poll IDs and was successful in selecting all four options, which should not have been allowed.

Steps to reproduce:

1. Open http://tedwebers-famous-loudspeakers.vanillacommunities.com

  1. Go to Discussions tab
  2. Select New Poll option 4 Create a Poll
  3. Select one of the options of the poll
  4. Capture the request in Burp
  5. Replay the request by changing the Poll Option ID in request

The output can be seen below:-

Patch:-

There should be a mapping of the user ID who has given a vote with the poll option ID.

Regards
sahil tikoo

Impact

A user can give multiple votes in a poll, which should not be allowed. Such parameter tampering can result in malfunction of poll voting functionality.

Regards,
Frans
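
An added example, not part of the original report and not Vanilla's actual patch: one way to enforce a single vote per user per poll on the server, so that a replayed request carrying a different option ID is rejected by a uniqueness constraint. The table, column and function names are hypothetical, and the in-memory SQLite database and sample IDs are constructed for illustration.

```python
import sqlite3

SCHEMA = """
CREATE TABLE poll_option (
    option_id INTEGER PRIMARY KEY,
    poll_id   INTEGER NOT NULL
);
CREATE TABLE poll_vote (
    poll_id   INTEGER NOT NULL,
    user_id   INTEGER NOT NULL,
    option_id INTEGER NOT NULL REFERENCES poll_option(option_id),
    -- One row per (poll, user): the database enforces single choice,
    -- regardless of what the client sends.
    PRIMARY KEY (poll_id, user_id)
);
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Constructed sample data: poll 1 has options 11-14, poll 2 has option 21.
    db.executemany("INSERT INTO poll_option VALUES (?, ?)",
                   [(11, 1), (12, 1), (13, 1), (14, 1), (21, 2)])
    return db

def cast_vote(db, user_id, option_id):
    """Record a vote; return 'ok', 'unknown_option' or 'already_voted'."""
    # Derive the poll from the option on the server side.
    row = db.execute("SELECT poll_id FROM poll_option WHERE option_id = ?",
                     (option_id,)).fetchone()
    if row is None:
        return "unknown_option"
    try:
        with db:  # transaction: commit on success, roll back on error
            db.execute(
                "INSERT INTO poll_vote (poll_id, user_id, option_id) VALUES (?, ?, ?)",
                (row[0], user_id, option_id))
    except sqlite3.IntegrityError:
        # A replayed request with another option ID of the same poll lands here.
        return "already_voted"
    return "ok"

def votes_for(db, poll_id):
    """Return the recorded (user_id, option_id) pairs for one poll."""
    return db.execute(
        "SELECT user_id, option_id FROM poll_vote WHERE poll_id = ? ORDER BY user_id",
        (poll_id,)).fetchall()
```

Because the check is a key on the vote table rather than an application-level lookup, concurrent replays of the same request cannot both succeed.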

tikoo_sahil Activities::Comment
2018-03-20T11:35:32.193Z
Any updates?


dexterr Activities::BugTriaged
2018-03-20T18:35:32.058Z
Hi there. Thank you for reporting this issue. It has been triaged as a legitimate exploit and will be patched soon.


tikoo_sahil Activities::Comment
2018-03-20T20:36:27.841Z
Okay thanks!!


Activities::BountyAwarded
2018-03-28T18:36:54.159Z


tikoo_sahil Activities::Comment
2018-03-29T08:56:27.210Z
Hey there, is it a 0 day? And will there be a CVE assigned for it?


tikoo_sahil Activities::Comment
2018-04-10T18:18:15.986Z
Any updates?


dexterr Activities::Comment
2018-04-10T18:20:14.738Z
This issue has been patched and is currently waiting for a deploy.


tikoo_sahil Activities::Comment
2018-04-10T20:07:56.288Z
I had a few queries, could you please resolve them? 1. Is the issue affecting all the users using this message board cloud service? 2. Will there be a new release of Vanilla forums codebase regarding this issue? Thanks and Regards, sahil tikoo


tikoo_sahil Activities::Comment
2018-04-29T20:00:23.843Z
Any updates on deployment?


tikoo_sahil Activities::Comment
2018-05-20T14:35:39.800Z
Hey, any updates?


tikoo_sahil Activities::Comment
2018-06-15T19:54:17.122Z
Hey, can we close this as resolved?


tikoo_sahil Activities::HackerRequestedMediation
2018-06-19T18:11:53.317Z
Just need to close the issue as resolved but no response.


dexterr Activities::BugResolved
2018-07-09T14:02:40.263Z
Closing this report as resolved.


tikoo_sahil Activities::AgreedOnGoingPublic
2018-07-09T14:37:29.991Z
Can we disclose?


Activities::ReportBecamePublic
2018-08-08T14:37:37.719Z