header-logo
Suggest Exploit
vendor:
MyBB Facebook Profile Plugin
by:
limb0
7,5
CVSS
HIGH
Persistant XSS
79
CWE
Product Name: MyBB Facebook Profile Plugin
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: NO
Related CWE: N/A
CPE: a:mybb:mybb:2.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux
2012

MyBB Facebook Profile Plugin Persistant XSS

The MyBB Facebook Profile Plugin is vulnerable to a persistent cross-site scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious JavaScript code into the user profile page of a MyBB user. The malicious code will be executed in the browser of any user who views the profile page. The vulnerability exists due to insufficient sanitization of user-supplied input in the 'Facebook id/nickname' field of the user profile page. An attacker can exploit this vulnerability by entering malicious JavaScript code into the 'Facebook id/nickname' field of their profile page. When other users view the profile page, the malicious code will be executed in their browser.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized before being used in the application. Additionally, the application should be configured to use a secure HTTP connection (HTTPS) to protect user data from being intercepted.
Source

Exploit-DB raw data:

# Exploit Title: MyBB Facebook Profile Plugin Persistant XSS
# Date: 12/12/2012
# Exploit Author: limb0
# Vendor Homepage: http://www.collectiontricks.it/
# Software Link: http://mods.mybb.com/view/facebook-profile-link-on-postbit-2-2
# Version: 2.4
# Tested on: Linux

###################################P-XSS######################################

Installation:

1. Upload all folder to your MyBB installation directory.
2. Go to your Admin-CP and click Plugins.
3. Click Install & Activate.

Configuration:

User-CP >> Edit Profile >> Facebook id/nickname >> Type: "><script>alert(/limb0/)</script>
Then visit one of your threads,and voila.

Proofs:
Configuration:http://postimage.org/image/sumvqlro7/
Testing:http://postimage.org/image/57tjltqb9/

-------------------------------Vulnerable Code---------------------------------------
Line 200-216
					$post["iconfacebook"] = '<a href="http://www.facebook.com/' . $post["facebook"] .'" TARGET=_BLANK><img src="'.$mybb->settings['bburl'].'/images/facebook.gif' .'" /></a>';
					} else 
					{
					}
                } else {
					$post["iconfacebook"] = '<a href="http://www.facebook.com/' . $post["facebook"] .'" TARGET=_BLANK><img src="'.$mybb->settings['bburl'].'/images/facebook.gif' .'" /></a>';
				}	
            }


This vulnerable is dedicated to my brothers. <3

Navigation

Suggest Exploit

Services By CQR