EIP-2026-107918
PRE-CVE
Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hijacking
Title source: legacy
Exploitation Summary
EIP tracks 1 public exploit for EIP-2026-107918. PoCs published by Piotr S.
AI-analyzed exploit summary
This exploit demonstrates a CSRF token hijacking vulnerability in IP Board 3.x by leveraging improper input sanitization in the sharelink function. The attacker crafts a malicious URL to redirect the victim to an attacker-controlled domain, capturing the CSRF token via a GET parameter and using it to perform unauthorized actions.
Description
Invision Power Board (IP.Board) 3.x - Cross-Site Request Forgery / Token Hijacking
Exploits (1)
This exploit demonstrates a CSRF token hijacking vulnerability in IP Board 3.x by leveraging improper input sanitization in the sharelink function. The attacker crafts a malicious URL to redirect the victim to an attacker-controlled domain, capturing the CSRF token via a GET parameter and using it to perform unauthorized actions.