MyBB Thank You/Like Plugin 3.0.0 – Cross-Site Scripting

Exploit Database
39 阅读

作者： 0xB9

日期： 2018-08-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/45178/

# Exploit Title: MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting
# Date: 8/1/2018
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=360
# Version: 3.0.0
# Tested on: Ubuntu 18.04
# CVE: CVE-2018-14888


1. Description:
This plugin allows users to thank/like other users threads/posts. In user profiles it shows your most liked post/thread, the post/thread subjects aren't sanitized to user input.
 

2. Proof of Concept:

- Use the following as the post/thread subject<script>alert('XSS')</script>
- Get that post/thread liked by another user (or you)
- Visit your profile to see alert.


3. Solution:
Update to v3.1.0

last Exploits
MyBB Thank You/Like Plugin 3.0.0 – Cross-Site Scripting的更多信息

Xplico 0.5.7 – ‘add.ctp’ Cross-Site Scripting (2)：
Joomla! Component File Download Tracker 3.0 – SQL Injection：
YesWiki 0.2 – ‘template’ Directory Traversal：
Splunk 9.0.4 – Information Disclosure：
WS Interactive Automne 4.1 – ‘/admin/upload-controler.php’ Arbitrary File Upload：
WordPress Plugin PHP Speedy 0.5.2 – ‘admin_container.php’ Remote Code Execution：
Phase Botnet – Blind SQL Injection：
Zabbix 5.0.0 – Stored XSS via URL Widget Iframe：