Vendor: Social Sites MyBB Plugin
By: s3m00t
CVSS: 7.5 (HIGH)
CWE: 79 (Cross Site Scripting)
Product Name: Social Sites MyBB Plugin
Affected Version From: 0.2.2
Affected Version To: 0.2.2
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: PHP
2012
Social Sites MyBB Plugin 0.2.2 Cross Site Scripting
Missing input validation in several places allows an attacker to inject malicious JavaScript code into the vulnerable application. This can be done by submitting the payload " /><script>alert(1)</script><img src=" into any of the fields on the page usercp.php?action=socialsites. The input is stored, so the script executes when the page is loaded (stored XSS).
Mitigation:
Replace the content of "inc/plugins/socialsites.php" with the script provided by the author.