Bugtraq mailing list archives

MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )


From: o.y.6 () hotmail com, ""@securityfocus.com, D3vil-0x1 () securityfocus com
Date: 29 Jan 2006 20:02:42 -0000

## MyBB 1.02 usercp2.php XSS
##------------------------------##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
##                              ##
## devil-00 () s4a cc           ##
##                              ##
##-----------------------------###
##
## File :- usercp2.php
## Var  :- $url
## Lines :-
##              -> 39
##              -> 58
##              -> 84
##              -> 108
##              -> 130
##              -> 149
##              -> 164
##              -> 178
##              -> 192
###################################
## 
## Exploit :-
##-------------------------------------------------------------##
[  Go to any topic .. then go to the end of the page            ]
[  you will see " Add Thread to Favorites "                     ]
[  open Firefox with Live HTTP Headers                          ]
[  and click it .. go to Headers Edit                           ]
[  edit Referer :- "><script>alert(document.cookie);</script>   ]
##-------------------------------------------------------------##
##
## Gr33tz :- www.securitygurus.net
                
                BlackRay <- my new homie
                HACKERS PAL
                Valm0nt
                Abducter
                j7a
                abdalmaged
                Xion
                
                And Others [ S4a Members with SG Members ]
** chow **
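
Added example, not part of the original post and not MyBB's own code: one way to handle a Referer-derived $url like the one the advisory names, by allow-listing the target and HTML-encoding it at output. The helper names safe_return_url() and h(), the host forum.example and the fallback index.php are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not taken from usercp2.php.
// Assumption: the page derives $url from $_SERVER['HTTP_REFERER'] and
// prints it into an HTML attribute.

const SITE_HOST = 'forum.example'; // constructed value

// Return the Referer only if it is an http(s) URL on our own host;
// otherwise return a fixed fallback.
function safe_return_url(?string $referer, string $fallback = 'index.php'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    if (preg_match('/[\x00-\x1f\x7f]/', $referer)) {
        return $fallback; // control characters never belong in a URL
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (strcasecmp($parts['host'], SITE_HOST) !== 0) {
        return $fallback;
    }
    return $referer;
}

// Encode for an HTML attribute or text context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample Referer values.
$samples = [
    'http://forum.example/showthread.php?tid=1',
    '"><script>alert(document.cookie);</script>', // value from the advisory
    'http://forum.example/showthread.php?tid=1"><script>alert(1)</script>',
];
foreach ($samples as $referer) {
    $url = safe_return_url($referer);
    // The third sample passes the host check, so encoding is still required.
    echo '<a href="' . h($url) . '">Return</a>', "\n";
}
```

The second sample falls back to index.php; the third keeps its on-site URL but is emitted with the quote and angle brackets encoded, which is why both the allow-list and the output encoding are applied.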
                

