[41884] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

MyBB XSS cross-site scripting

daemon@ATHENA.MIT.EDU (addmimistrator@gmail.com)
Sat Dec 31 12:13:00 2005

Date: 31 Dec 2005 08:25:26 -0000
Message-ID: <20051231082526.28498.qmail@securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: addmimistrator@gmail.com
To: bugtraq@securityfocus.com

Hey
this is a security bug in printthread.PHP script of MyBB(all version also fully patched) that allows XSS crosssite scripting hacking and can be exploit without limitation.
post this message on a thread and go to print view of thread to view execution of exploit.

<script language=javascript>document.write("<script language=javascript>a"+"lert('Security bug allows XSS Cross-site scripting hacking found by imei')</"+"script>");</script>

this bug is in result of poor checking htmlspecialchars in printthread view of a topic and can exploit without any limitation against cookies.

be beauty
imei


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[41884] in bugtraq

MyBB XSS cross-site scripting

daemon@ATHENA.MIT.EDU (addmimistrator@gmail.com)Sat Dec 31 12:13:00 2005

daemon@ATHENA.MIT.EDU (addmimistrator@gmail.com)
Sat Dec 31 12:13:00 2005