Profile Skype ID MyBB Plugin Stored XSS

vendor:

Profile Skype ID MyBB Plugin

by:

limb0

7,5

CVSS

HIGH

Stored XSS

CWE

Product Name: Profile Skype ID MyBB Plugin

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: Yes

Related CWE: N/A

CPE: mybb:user_profile_skype_id

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2012

Profile Skype ID MyBB Plugin Stored XSS

The Profile Skype ID MyBB Plugin is vulnerable to stored XSS. An attacker can inject malicious JavaScript code into the Skype ID field of a user profile. When a user visits the profile, the malicious code will be executed in the user's browser.

Mitigation:

The vendor has released an update to address this vulnerability. Users should update to the latest version of the Profile Skype ID MyBB Plugin.

Source

Exploit-DB raw data:

# Exploit Title: Profile Skype ID MyBB Plugin Stored XSS
# Date: 14/12/2012
# Exploit Author: limb0
# Vendor Homepage: http://www.dragonknightz.net/
# Software Link: http://mods.mybb.com/view/user-profile-skype-id
# Version: 1.0
# Category:Web Security
# Tested on: Linux

+------------------------------------------------------------+
Stored XSS-Instructions
1.Install&Activate plugin
2.Go to UserCP >> Edit Profile >>  Skype ID:
3.Inject your string(xss) ex. "><script>alert("Skype ID XSS")</script>
4.Visit your profile and voila

Proof
Inject:https://imageshack.us/photo/my-images/22/screenshotfrom201212141.png/
Result:https://imageshack.us/photo/my-images/41/screenshotfrom201212141.png/
+-------------------------------------------------------------+

Vulnerable code:
function profileskype_update($skype)
{
  global $mybb;
  if (isset($mybb->input['skype']))
   {
      $skype->user_update_data['skype'] = $mybb->input['skype'];
   }
}