MyBB User Social Networks Plugin 1.2 - Persistent Cross-Site Scripting

EDB-ID:

34539

CVE:


EDB Verified:

Author:

Fikri Fadzil

Type:

webapps

Exploit:   /  

Platform:

PHP

Date:

2014-09-05

Vulnerable App: 
# Exploit Title: User Social Networks MyBB Plugin 1.2 - Cross Site Scripting
# Google Dork: N/A
# Date: 05.09.2014
# Exploit Author: Fikri Fadzil - fikri.fadzil@impact-alliance.org
# Vendor Homepage - N/A
# Software Link: http://mods.mybb.com/view/user-social-networks
# Version: 1.2
# Tested on: PHP


Description:
This plugin allows you to add social networks, or related, in user
profiles. The information will be shown in a user profile and visible for
anyone who view the profile.

Proof of Concept
1. Login into your account.
2. Go to "Edit Profile" page at "/usercp.php?action=profile"
3. Update your Social Network ID with
"><script>alert(document.cookie)</script><"
4. The result can be seen in multiple places, including your profile page.

* The script will be executed whenever anyone view your profile.
** The result can also be seen in threads you involve IF the administrator
configure this plugin to allow user's social sites information to be
published in every post.

Solution:
Replace the content of "inc/plugins/usersocial.php" with this fix:
http://pastebin.com/T1WgcwDB
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services