MyBB Visual Editor Stored XSS <= v1.8.18

2018.09.22
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

[+] Title: MyBB Visual Editor Stored XSS <= v1.8.18
[+] Author: Numan OZDEMIR
[+] Vendor Homepage: mybb.com
[+] Software Link: https://mybb.com/download/
[+] Version: Up to v1.8.18. Fixed in v1.8.19.
[+] PoC Video: https://numanozdemir.com/mybb/xss.mp4
[+] CVE: CVE-2018-17128
[+] Discovered by Numan OZDEMIR in InfinitumIT Labs
[+] root@numanozdemir.com - info@infinitumit.com.tr

[~] Description:
An attacker can run JavaScript code in a victim user's browser while the victim is replying to a post. The 'videotype' section causes this.

[~] How to Reproduce:
1)- Go to the thread posting page (newthread.php; enter a title and content).
2)- Click the "insert a video" command. Select any source and insert any URL.
3)- Edit the video source with your payload. Or, directly add this code:
[video=PAYLOAD]xxx[/video]
Example:
[video=PA<svg/onload=alert('xss')>YLOAD]xxx[/video]
4)- Post the thread. While the victim user is replying to your post, his browser will run the JavaScript.

Vulnerable pages:
editpost.php
newreply.php
private.php
and all Visual Editor embedded pages.

// for secure days...
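The description above comes down to the type attribute of a [video=TYPE] tag reaching the editor's markup unvalidated. The following is an added example, not MyBB's code or the advisory author's: it models that sink next to a hardened renderer that allowlists the type and escapes everything else, plus an audit helper for stored posts. The provider list, function names and placeholder markup are assumptions.

```javascript
// Added example, not MyBB's code. Provider list, function names and the
// placeholder markup are assumptions made for illustration.
const ALLOWED_VIDEO_TYPES = new Set(['youtube', 'vimeo', 'dailymotion']);
const VIDEO_TAG = /\[video=([^\]]*)\]([\s\S]*?)\[\/video\]/gi;

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Unsafe pattern: the attribute after "video=" reaches the markup unchanged.
function renderVideoUnsafe(bbcode) {
  return bbcode.replace(VIDEO_TAG, (match, type, url) =>
    '<div class="video-placeholder">' + type + ': ' + url + '</div>');
}

// Hardened pattern: allowlist the type, escape everything else.
function renderVideoSafe(bbcode) {
  return bbcode.replace(VIDEO_TAG, (match, type, url) => {
    const t = type.trim().toLowerCase();
    // Unknown type: never build markup from it, show the raw tag as text.
    if (!ALLOWED_VIDEO_TYPES.has(t)) return escapeHtml(match);
    return '<div class="video-placeholder">' + t + ': ' + escapeHtml(url) + '</div>';
  });
}

// Audit helper: list [video] types in a stored post body that are not allowlisted.
function findSuspectVideoTypes(postBody) {
  const suspects = [];
  for (const m of postBody.matchAll(VIDEO_TAG)) {
    if (!ALLOWED_VIDEO_TYPES.has(m[1].trim().toLowerCase())) suspects.push(m[1]);
  }
  return suspects;
}

// Constructed sample input: the tag from the advisory plus a benign one.
const SAMPLE_POST = "[video=PA<svg/onload=alert('xss')>YLOAD]xxx[/video]\n" +
  '[video=youtube]https://example.com/watch?v=1&t=2[/video]';

console.log(renderVideoUnsafe(SAMPLE_POST));
console.log(renderVideoSafe(SAMPLE_POST));
console.log(findSuspectVideoTypes(SAMPLE_POST));
```

Running findSuspectVideoTypes over stored post and private-message bodies after upgrading to v1.8.19 shows whether tags with non-provider types were saved before the fix.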



Copyright 2024, cxsecurity.com

 
