[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 21 Feb 2015 13:36:14 +0100
From: Steffen Rösemann <steffen.roesemann1986@...il.com>
To: oss-security@...ts.openwall.com
Subject: CVE-Request -- MyBB v. 1.8.3 -- Multiple stored XSS-vulnerabilities
Hi Steve, Josh, vendors, list.
The researchers adamziaja, Devilshakerz, DingjieYang and me found multiple
stored XSS-vulnerabilities in the administrative backend of CMS MyBB v.
1.8.3.
The stored XSS-vulnerabilities can be found in different modules in the
following locations of a common MyBB installation:
======================
Module "config-attachment_types"
======================
via form-field MIME-type:
http://{TARGET}/admin/index.php?module=config-attachment_types&action=add
executed in: e.g. http://
{TARGET}/admin/index.php?module=config-attachment_types
===============
Module "config-mycode"
===============
via form fields "title" and "short description":
http://{TARGET}/admin/index.php?module=config-mycode&action=add
executed in: e.g. http://{TARGET}/admin/index.php?module=config-mycode
===================
Module "forum-management"
===================
via form field "title":
http://{TARGET}/admin/index.php?module=forum-management&action=add
executed in: e.g. http://{TARGET}/admin/index.php?module=forum
==============
Module "user-groups"
==============
via form fields "title" and/or "short description":
http://{TARGET}/admin/index.php?module=user-groups&action=add
executed in: e.g. http://{TARGET}/admin/index.php?module=user-groups
================
Module "style-templates"
================
via form field "name":
http://{TARGET}/admin/index.php?module=style-templates&action=add_set
executed in: e.g. http://{TARGET}/admin/index.php?module=style-templates
====================================
Module "style-templates" in action "add_template_group"
====================================
via form field "title":
http://
{TARGET}/admin/index.php?module=style-templates&action=add_template_group
executed in: e.g. http://
{TARGET}/admin/index.php?module=style-templates&sid={TEMPLATES_NUMERIC_ID}
=============
Module "tool-tasks"
=============
via form field "title":
http://{TARGET}/admin/index.php?module=tools-tasks&action=add
executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog
=================
Module "config-post_icons"
=================
via form field "name":
http://{TARGET}/admin/index.php?module=config-post_icons&action=add
executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog
=============
Module "user-titles"
=============
via form field "title to assign":
http://{TARGET}/admin/index.php?module=user-titles&action=add
executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog
================
Module "config-banning"
================
via form field "username":
http://{TARGET}/admin/index.php?module=config-banning&type=usernames
executed in: e.g. http://{TARGET}/admin/index.php?module=tools-adminlog
Can I have a CVE-ID/CVE-IDs for these issues?
Thank you very much.
Greetings from Germany.
Steffen Rösemann
[1] http://www.mybb.com
[2] http://sroesemann.blogspot.de/2015/02/sroeadv-2015-15.html
[3] http://www.mybb.com/get-involved/security/
[4]
http://blog.mybb.com/2015/02/15/mybb-1-8-4-released-feature-update-security-maintenance-release/
[5] http://seclists.org/fulldisclosure/2015/Feb/80
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
