MyBB TagCloud version 2.0 suffers from a cross site scripting vulnerability.
f70983856ea48fb4db52dc9d46f3ec08a266e8f21982f924e292bc447d5a2dd5
====================================================
MYBB TagCloud 2.0 cross site scripting vulnerability
====================================================
Author: http://www.3ethicalhackers.com
Discovered by: http://www.3ethicalhackers.com
Original post: http://www.3ethicalhackers.com
=====================================================================
Description:
MYBB TagCloud 2.0 is an open source plugin, it is used to to show all recent posts.
How to exploit:
Enter html or javascript into topic field, once tagcloud displays the thread it will execute the malicious code
that was set within the topic field.
Download Link: http://www.mybbcentral.com/thread-1681.html
Number of times downloaded: 402
=====================================================================
[ vuln code ]
$message .= "<a href=\"".$mybb->settings['bburl']."/showthread.php?tid=".$thread['tid']."\"><span style=\"font-size:".$sizes[$fontsize]."px\">".$thread['subject']."</span></a> |\r\n";
[ Fixed Code ]
$message .= "<a href=\"".$mybb->settings['bburl']."/showthread.php?tid=".$thread['tid']."\"><span style=\"font-size:".$sizes[$fontsize]."px\">".htmlentities($thread['subject'])."</span></a> |\r\n";
=====================================================================
[ proof of concept ]
Topic Field: <h1>LOLIMADEEVERYTHINGBIG!
^once tagcloud displays that piece of code, everything within the tagcloud will become huge ;D
Topic Field: <script>javascript:alert("lolcats")</script>
^once tagcloud displays that piece of code, a message will pop up saying "lolcats"
======================================================================
JOIN US IN IRC
IRC.SMASHTHESTACK.ORG #3ETHICAL
FORUMS @ 3ETHICALHACKERS.COM
=========================| -=[ E0F ]=- |=================================