MyBB ChangUonDyu Extra File Chatbox Persistent XSS Vulnerability

2012-12-13T00:00:00
ID 1337DAY-ID-19957
Type zdt
Reporter n3urot0xin
Modified 2012-12-13T00:00:00

Description

Popular inferno-like chatbox built for MyBB!

                                        
                                            ChangUonDyu Extra File Chatbox Persistent XSS

Location: Chatbox Notice
Vendor: http://community.mybb.com/thread-63559.html

PoC:

function build_notice()
{
	global $fcbfile,$smilies;
	$noticef = file_get_contents($fcbfile['notice']);
	$handle = fopen($fcbfile['ds_notice'],"w");
	if ($noticef)
	{
		$noticef = BBCode($noticef);
		$noticef = strtr($noticef, $smilies);
	}
	fwrite($handle, $noticef);
	fclose($handle);
}

Saves notice to your notice save file without escaping user input.

#  0day.today [2018-01-03]  #