MyBB Visual Editor versions 1.8.18 and below suffer from a cross site scripting vulnerability.
9135e598bbd2a86b784c9a282b8fa7393bcf7cdd4921fee77ebf9059e9713571[+] Title: MyBB Visual Editor Stored XSS <= v1.8.18
[+] Author: Numan OZDEMIR
[+] Vendor Homepage: mybb.com
[+] Software Link: https://mybb.com/download/
[+] Version: Up to v1.8.18. Fixed in v1.8.19.
[+] PoC Video: https://numanozdemir.com/mybb/xss.mp4
[+] CVE: CVE-2018-17128
[+] Discovered by Numan OZDEMIR in InfinitumIT Labs
[+] root@numanozdemir.com - info@infinitumit.com.tr
[~] Description:
Attacker can run JavaScript codes in victim user's browser while victim
is replying a post.
'videotype' section causes this.
[~] How to Reproduce:
1)- Enter to thread posting page. (newthread.php, enter title and
content.)
2)- Click "insert a video" command. Select any source and insert any
URL.
3)- Edit the video source with your payload.
Or, directly add this code:
[video=PAYLOAD]https://victim.com[/video]
Example:
[video=PA<svg/onload=alert('xss')>YLOAD]https://victim.com[/video]
4)- Post the thread.
While victim user replying your post, his browser will run JavaScript.
Vulnerable pages:
editpost.php
newreply.php
private.php
and all Visual Editor embedded pages.
// for secure days...
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed