{"id": "PACKETSTORM:161185", "type": "packetstorm", "bulletinFamily": "exploit", "title": "MyBB Hide Thread Content 1.0 Information Disclosure", "description": "", "published": "2021-01-29T00:00:00", "modified": "2021-01-29T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/161185/MyBB-Hide-Thread-Content-1.0-Information-Disclosure.html", "reporter": "0xB9", "references": [], "cvelist": ["CVE-2021-3337"], "lastseen": "2021-01-29T13:21:30", "viewCount": 107, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2021-3337"]}, {"type": "exploitdb", "idList": ["EDB-ID:49496"]}], "rev": 4}, "score": {"value": 4.6, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2021-3337"]}, {"type": "exploitdb", "idList": ["EDB-ID:49496"]}]}, "exploitation": null, "vulnersScore": 4.6}, "sourceHref": "https://packetstormsecurity.com/files/download/161185/mybbhtc10-disclose.txt", "sourceData": "`# Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure \n# Date: 1/27/2021 \n# Author: 0xB9 \n# Twitter: @0xB9Sec \n# Contact: 0xB9[at]pm.me \n# Software Link: https://community.mybb.com/mods.php?action=view&pid=1430 \n# Version: 1.0 \n# Tested on: Windows 10 \n# CVE: CVE-2021-3337 \n \n1. Description: \nThis plugin hides thread content until a user replies to the thread. The information disclosure is that hidden content can be viewed without replying. \n \n2. Proof of Concept: \n \n- Visit a post where content is hidden \n- Click the reply or quote button below \nThread content will be displayed in the [quote] bracket without needing to reply \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646008883}}
{"cve": [{"lastseen": "2022-03-23T18:36:41", "description": "The Hide-Thread-Content plugin through 2021-01-27 for MyBB allows remote attackers to bypass intended content-reading restrictions by clicking on reply or quote in the postbit.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-28T20:15:00", "type": "cve", "title": "CVE-2021-3337", "cwe": ["CWE-863"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3337"], "modified": "2021-02-04T14:51:00", "cpe": ["cpe:/a:hide_thread_content_project:hide_thread_content:1.0"], "id": "CVE-2021-3337", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3337", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:hide_thread_content_project:hide_thread_content:1.0:*:*:*:*:mybb:*:*"]}], "exploitdb": [{"lastseen": "2022-05-13T17:40:15", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": 
"NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2021-01-29T00:00:00", "type": "exploitdb", "title": "MyBB Hide Thread Content Plugin 1.0 - Information Disclosure", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2021-3337", "CVE-2021-3337"], "modified": "2021-01-29T00:00:00", "id": "EDB-ID:49496", "href": "https://www.exploit-db.com/exploits/49496", "sourceData": "# Exploit Title: MyBB Hide Thread Content Plugin 1.0 - Information Disclosure\r\n# Date: 1/27/2021\r\n# Author: 0xB9\r\n# Twitter: @0xB9Sec\r\n# Contact: 0xB9[at]pm.me\r\n# Software Link: https://community.mybb.com/mods.php?action=view&pid=1430\r\n# Version: 1.0\r\n# Tested on: Windows 10\r\n# CVE: CVE-2021-3337\r\n\r\n1. Description:\r\nThis plugin hides thread content until a user replies to the thread. The information disclosure is that hidden content can be viewed without replying.\r\n\r\n2. Proof of Concept:\r\n\r\n- Visit a post where content is hidden\r\n- Click the reply or quote button below\r\nThread content will be displayed in the [quote] bracket without needing to reply", "sourceHref": "https://www.exploit-db.com/download/49496", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}