header-logo
Suggest Exploit
vendor:
MyBB Visual Editor
by:
Numan OZDEMIR
5.4
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: MyBB Visual Editor
Affected Version From: 1.8.18
Affected Version To: 1.8.18
Patch Exists: YES
Related CWE: CVE-2018-17128
CPE: 2.3:a:mybb:mybb:1.8.18
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: None
2018

MyBB Visual Editor 1.8.18 – Cross-Site Scripting

Attacker can run JavaScript codes in victim user's browser while victim is replying a post. 'videotype' section causes this. To reproduce, enter to thread posting page (newthread.php, enter title and content), click 'insert a video' command, select any source and insert any URL, edit the video source with payload or directly add code '[video=PAYLOAD]http://victim.com[/video]', and post the thread. While victim user replying the post, his browser will run JavaScript. Vulnerable pages are editpost.php, newreply.php, private.php, and all Visual Editor embedded pages.

Mitigation:

Upgrade to version 1.8.19 or later.
Source

Exploit-DB raw data:

# Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting
# Author: Numan OZDEMIR
# Vendor Homepage: mybb.com
# Software Link: https://mybb.com/download/
# Version: Up to v1.8.18. Fixed in v1.8.19.
# PoC Video: https://numanozdemir.com/mybb/xss.mp4
# CVE: CVE-2018-17128

# Description:
# Attacker can run JavaScript codes in victim user's browser while victim is replying a post.
# 'videotype' section causes this.

# How to Reproduce:

1)- Enter to thread posting page. (newthread.php, enter title and content.)
2)- Click "insert a video" command. Select any source and insert any URL.
3)- Edit the video source with your payload.
Or, directly add this code:

[video=PAYLOAD]http://victim.com[/video]
Example:
[video=PA<svg/onload=alert('xss')>YLOAD]http://victim.com[/video]

4)- Post the thread.

# While victim user replying your post, his browser will run JavaScript.
# Vulnerable pages: editpost.php, newreply.php, private.php
# and all Visual Editor embedded pages.

Navigation

Suggest Exploit

Services By CQR