BugTraq
MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ) Jan 29 2006 08:02PM
o y 6 hotmail com, | securityfocus com,D3vil-0x1 securityfocus com
## MyBB 1.02 usercp2.php XSS
##------------------------------##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
## ##
## devil-00 (at) s4a (dot) cc [email concealed] ##
## ##
##-----------------------------###
##
## File :- usercp2.php
## Var :- $url
## Line's :-
## -> 39
## -> 58
## -> 84
## -> 108
## -> 130
## -> 149
## -> 164
## -> 178
## -> 192
###################################
##
## Exploit :-
##-------------------------------------------------------------##
[ Go to any topic .. then go to the end of the page ]
[ you will see " Add Thread to Favorites " ]
[ open the firefox with Live HTTP Headers ]
[ and click it .. go to Headers Edit ]
[ edit Referer :- "><script>alert(document.cookie);</script> ]
##-------------------------------------------------------------##
##
## Gr33tz :- www.securitygurus.net

BlackRay <- my new homei
HACKERS PAL
Valm0nt
Abducter
j7a
abdalmaged
Xion

And Others [ S4a Members with SG Members ]
** chow **

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus