[JFL] Stop using .org (Vulnerability)
#44
(07-02-2025, 10:48 AM)Filler Wrote: Hello FEMBOYS and GENTLEMANS, today we will be discussing a vulnerability I found in larmacussmall.org!

I don't know if this vulnerability fits into the SSRF (server-side request forgery) or information disclosure.

So basically the proxy.php (PHP file that proxies external content) appears to:
1. Send a proxied request to the external content (to cache it)
2. When a user loads up on a page with the image, instead of their request going through proxy.php, it goes through unproxied
NOTE: This is only a speculation I made while looking at the site through Burp Suite

Therefore, by opening a user profile / opening a thread with malicious replies, the attackers have your:
- Useragent (browser information)
- IP (internet a.. yeah you know what this is)

This is probably going to be fixed soon due to this thread (also the exploit is very inconsistent)

Don't worry, I'm currently testing .org. I will let you guys know about other findings

I saw other MyBB forums being targeted by this type of attack recently, though MyBB refuses to patch it (by default) as you can fix it by enabling an option in the adminCP

As for Looksmax.org, I believe it's one of these options:
a) Misconfigured proxy.php

b) If the image fails to load (that's the case in the screenshot posted) then XenForo assumes that proxy.php is broken, and stops proxying the image URL.

c) Since the forum uses Cloudflare's CDN, the CDN maybe caches the original image URL instead of the proxy one.
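A forum admin can check for the behaviour discussed in this post with the sketch below, which is an added example and not code from the thread, XenForo or MyBB. It parses rendered post HTML and lists every image URL a visitor's browser would fetch directly from a third-party host rather than from the forum's own origin (where proxy.php lives). The hostname `forum.example` and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

FORUM_HOST = "forum.example"  # assumption: placeholder for the forum's own hostname


class ImgCollector(HTMLParser):
    """Collect every URL an <img> tag asks the browser to load."""

    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        if a.get("src"):
            self.urls.append(a["src"].strip())
        # srcset is a comma-separated list of "<url> <descriptor>" candidates
        for cand in (a.get("srcset") or "").split(","):
            if cand.strip():
                self.urls.append(cand.split()[0])


def direct_external_images(html, forum_host=FORUM_HOST):
    """Return image URLs the visitor's browser would request from another host.

    Each such request hands the visitor's IP and User-Agent to that host.
    Relative URLs, data: URLs and same-host URLs (including /proxy.php?...)
    have no foreign hostname and are skipped.
    """
    parser = ImgCollector()
    parser.feed(html)
    leaks = []
    for url in parser.urls:
        host = (urlsplit(url).hostname or "").lower()
        if host and host != forum_host.lower():
            leaks.append(url)
    return leaks


# Constructed sample of rendered post HTML: one proxied image, three direct ones.
SAMPLE = """
<div class="post">
 <img src="/proxy.php?image=https%3A%2F%2Fimg.example.net%2Fa.png&amp;hash=abc123">
 <img src="https://img.example.net/b.png">
 <img src="//cdn.example.net/c.gif"
      srcset="https://forum.example/d.png 1x, https://img.example.net/d2.png 2x">
 <img src="data:image/png;base64,AAAA">
</div>
"""
```

An empty result for a page containing user-posted images means every image load stays on the forum's origin; any entry is a URL whose host sees the visitor directly.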

