MyBB 1.6.10 'url' Parameter Arbitrary Site Redirection Vulnerability
Title: MyBB 1.6.10 'url' Parameter Arbitrary Site Redirection Vulnerability
Advisory ID: ZSL-2013-5152
Type: Local/Remote
Impact: Spoofing
Risk: (2/5)
Release Date: 07.08.2013
Summary
MyBB, also known as MyBBoard or MyBulletinBoard, is a powerful, efficient, and free forum package, developed using PHP and MySQL.

Description
Input passed via the 'url' parameter in the 'member.php' script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website, e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Vendor
MyBB Group - http://www.mybb.com

Affected Version
1.6.10

Tested On
Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a
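The defender-side handling of a redirect parameter such as 'url' in member.php, given here as an added example that is neither MyBB's code nor the advisory's PoC: the function name, the trusted host 'forum.example' and the sample inputs are assumed, and the code requires PHP 7 or later.

```php
<?php
// Added example, not MyBB's own code: validate a user-supplied redirect target
// before emitting a Location header. Only relative paths and absolute URLs on
// the forum's own host are honoured; anything else falls back to a safe page.
// $trusted_host is an assumed value: the hostname the forum is served from.

function safe_redirect_target(string $candidate, string $trusted_host, string $fallback = 'index.php'): string
{
    $candidate = trim($candidate);

    // Empty input, control characters (CRLF header injection) and backslashes
    // (browsers treat "/\evil.example" like "//evil.example") are all rejected.
    if ($candidate === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $candidate)) {
        return $fallback;
    }

    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }

    // Anything with a scheme or host is an absolute URL: allow only http/https
    // to our own host. A protocol-relative "//evil.example" parses with a host
    // and no scheme, so it is rejected here as well.
    if (isset($parts['scheme']) || isset($parts['host'])) {
        $scheme = strtolower($parts['scheme'] ?? '');
        $host   = strtolower($parts['host'] ?? '');
        if (!in_array($scheme, ['http', 'https'], true) || $host !== strtolower($trusted_host)) {
            return $fallback;
        }
    }

    // Relative path, or an absolute URL on the trusted host: safe to use.
    return $candidate;
}

// Constructed inputs for demonstration; the forum is assumed to live on forum.example.
$cases = [
    'member.php?action=profile&uid=1',
    '/forum/showthread.php?tid=5',
    'http://forum.example/index.php',
    'http://evil.example/',
    '//evil.example',
    'javascript:alert(1)',
    "index.php\r\nSet-Cookie: x=1",
];
foreach ($cases as $c) {
    printf("%-35s -> %s\n", addcslashes($c, "\0..\37"), safe_redirect_target($c, 'forum.example'));
}
```

Of the constructed inputs, the first three are returned unchanged and the remaining four fall back to index.php; the caller should still pass the result through the application's normal URL handling rather than echoing it raw.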
Vendor Status
[02.08.2013] Vulnerability discovered.
[06.08.2013] Vendor has knowledge about the issue.
[07.08.2013] Public security advisory released.

PoC
mybb_redirect.txt

Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References
[1] http://packetstormsecurity.com/files/122724
[2] http://cxsecurity.com/issue/WLB-2013080057
[3] http://xforce.iss.net/xforce/xfdb/86312

Changelog
[07.08.2013] - Initial release
[17.08.2013] - Added reference [3]

Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk