MyBB OUGC Feedback 1.8.22 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on March 12th, 2021 📆 | 2438 Views ⚑

0

MyBB OUGC Feedback 1.8.22 Cross Site Scripting ≈ Packet Storm

MyBB OUGC Feedback 1.8.22 Cross Site Scripting
Posted Mar 11, 2021
Authored by 0xB9

MyBB OUGC Feedback plugin version 1.8.22 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2021-28115
MD5 | 072b6a57ff8ba5bb59ba7f076c831afe
# Exploit Title: MyBB OUGC Feedback Plugin 1.8.22 - Cross-Site Scripting
# Date: 1/30/2021
# Author: 0xB9
# Twitter: @0xB9Sec
# Contact: 0xB9[at]pm.me
# Software Link: https://community.mybb.com/mods.php?action=view&pid=1220
# Version: 1.8.22
# Tested on: Windows 10
# CVE: CVE-2021-28115

1. Description:
This plugin adds a feedback system to your forum. Edit feedback button is vulnerable to XSS.

2. Proof of Concept:

- Go to a user profile
- Add feedback and leave the following payload as comment ">
- View the feedback feedback.php?uid=2
- When clicking Edit payload will execute

Source link

Tagged with:



Leave a Reply