Bugtraq mailing list archives
MyBB 1.10 New XSS ' member.php '
From: o.y.6 () hotmail com
Date: 12 Apr 2006 22:05:19 -0000
//-- MyBB 1.10 New XSS ' member.php ' --//
Webattack :-
1- Logout
2- Open Firefox
3- Use [ Live HTTP Headers ]
4- Register
5- Agree to it
6- Edit the cookies with Live HTTP Headers
7- Add this cookie :D
mybb[referrer]="></input><b>HTML</b><input>;
//-- FixIT --//
Open member.php
Go to line 595:
$referrername = $_COOKIE['mybb']['referrer'];
Replace It With
$referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);
//-- --//
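The fix above, shown next to the unescaped form, as an added example that is not MyBB's code or part of the original post. The `<input>` markup and both function names are assumptions; only the `mybb[referrer]` cookie, its value and the `htmlspecialchars()` call come from the advisory.

```php
<?php
// Added example, not MyBB source. The <input> markup and the function names
// are assumptions made for illustration.

// Before the fix: the cookie value is placed in the attribute unescaped,
// so a double quote in the cookie ends the value="" attribute early.
function referrer_field_vulnerable(array $cookies): string
{
    $referrername = $cookies['mybb']['referrer'] ?? '';
    return '<input type="text" name="referrer" value="' . $referrername . '" />';
}

// After the fix, with two details a maintainer would want to add.
function referrer_field_fixed(array $cookies): string
{
    $raw = $cookies['mybb']['referrer'] ?? '';
    // A cookie named mybb[referrer][] arrives as an array, not a string;
    // treat anything that is not a string as absent.
    if (!is_string($raw)) {
        $raw = '';
    }
    // ENT_QUOTES also escapes single quotes, which the default flags did not
    // do before PHP 8.1; the explicit charset keeps the behaviour predictable.
    $referrername = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="referrer" value="' . $referrername . '" />';
}

// Constructed stand-in for $_COOKIE, carrying the value from the advisory.
$cookies = ['mybb' => ['referrer' => '"></input><b>HTML</b><input>']];

echo referrer_field_vulnerable($cookies), "\n"; // markup breaks out of the attribute
echo referrer_field_fixed($cookies), "\n";      // value stays inside the attribute as text
echo referrer_field_fixed(['mybb' => ['referrer' => ['x']]]), "\n"; // array input is dropped
```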
