MyBB Plugin Downloads 2.0.3 – Cross-Site Scripting

Exploit Database
15 阅读

作者： 0xB9

日期： 2018-04-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/44400/

# Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS
# Date: 3/28/18
# Author: 0xB9
# Contact: luxorforums.com/User-0xB9 or 0xB9[at]protonmail.com
# Software Link: https://community.mybb.com/mods.php?action=view&pid=854
# Version: 2.0.3
# Tested on: Ubuntu 17.10


1. Description:
It is a plugin which adds a page to download files. If enabled, regular members can add new downloads to the page after admin approval.


2. Proof of Concept:

Persistent XSS
- Go to downloads.php page
- Create a New Download
- Add the following to the title <BODY ONLOAD=alert('XSS')>
- Now when the admin goes to validate your download he will be alerted


3. Solution:
Update to the latest release

Patch: https://github.com/vintagedaddyo/MyBB_Plugin-Downloads/pull/1/commits

last Exploits
MyBB Plugin Downloads 2.0.3 – Cross-Site Scripting的更多信息

AVE DOMINAplus 1.10.x – Authentication Bypass：
Todoo Forum 2.0 – ‘todooforum.php’ Multiple SQL Injections：
GR Board 1.8.6 – ‘page.php’ Remote File Inclusion：
ATutor LMS – ‘/install_modules.php’ Cross-Site Request Forgery / Remote Code Execution：
October CMS v3.4.4 – Stored Cross-Site Scripting (XSS) (Authenticated)：
Meditate Web Content Editor ‘username_input’ – SQL Injection：
Joomla! Component JE Directory 1.7 – ‘ditemid’ SQL Injection：
Kryn.cms 0.9 – ‘_kurl’ Cross-Site Scripting：