MyBB User Social Networks Plugin 1.2 – Persistent Cross-Site Scripting

• Exploit Database
• 39 阅读

• 作者： Fikri Fadzil
  日期： 2014-09-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34539/

• # Exploit Title: User Social Networks MyBB Plugin 1.2 - Cross Site Scripting
  # Google Dork: N/A
  # Date: 05.09.2014
  # Exploit Author: Fikri Fadzil - fikri.fadzil@impact-alliance.org
  # Vendor Homepage - N/A
  # Software Link: http://mods.mybb.com/view/user-social-networks
  # Version: 1.2
  # Tested on: PHP
  
  
  Description:
  This plugin allows you to add social networks, or related, in user
  profiles. The information will be shown in a user profile and visible for
  anyone who view the profile.
  
  Proof of Concept
  1. Login into your account.
  2. Go to "Edit Profile" page at "/usercp.php?action=profile"
  3. Update your Social Network ID with
  "><script>alert(document.cookie)</script><"
  4. The result can be seen in multiple places, including your profile page.
  
  * The script will be executed whenever anyone view your profile.
  ** The result can also be seen in threads you involve IF the administrator
  configure this plugin to allow user's social sites information to be
  published in every post.
  
  Solution:
  Replace the content of "inc/plugins/usersocial.php" with this fix:
  http://pastebin.com/T1WgcwDB