发布日期:2014-09-05
更新日期:2014-09-09
受影响系统:
MyBB User Social Networks 1.2
描述:
BUGTRAQ ID: 69653
MyBB User Social Networks插件可以在用户配置内添加社交网络或联系人。
MyBB User Social Networks插件1.2版本在'/usercp.php'的实现上存在HTML注入漏洞,成功利用后可使用户提供的HTML及JS代码运行在受影响站点上下文中,从而窃取cookie身份验证凭证,控制站点等。
<*来源:Fikri Fadzil
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
# Exploit Title: User Social Networks MyBB Plugin 1.2 - Cross Site Scripting
# Google Dork: N/A
# Date: 05.09.2014
# Exploit Author: Fikri Fadzil - fikri.fadzil@impact-alliance.org
# Vendor Homepage - N/A
# Software Link:
# Version: 1.2
# Tested on: PHP
Description:
This plugin allows you to add social networks, or related, in user
profiles. The information will be shown in a user profile and visible for
anyone who view the profile.
Proof of Concept
1. Login into your account.
2. Go to "Edit Profile" page at "/usercp.php?action=profile"
3. Update your Social Network ID with
"><script>alert(document.cookie)</script><"
4. The result can be seen in multiple places, including your profile page.
* The script will be executed whenever anyone view your profile.
** The result can also be seen in threads you involve IF the administrator
configure this plugin to allow user's social sites information to be
published in every post.
Solution:
Replace the content of "inc/plugins/usersocial.php" with this fix:
建议:
厂商补丁:
MyBB
----
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: