BugTraq
MyBB XSS cross-site scripting Dec 31 2005 08:25AM
addmimistrator gmail com (1 replies)
Hey
this is a security bug in printthread.PHP script of MyBB(all version also fully patched) that allows XSS crosssite scripting hacking and can be exploit without limitation.
post this message on a thread and go to print view of thread to view execution of exploit.

<script language=javascript>document.write("<script language=javascript>a"+"lert('Security bug allows XSS Cross-site scripting hacking found by imei')</"+"script>");</script>

this bug is in result of poor checking htmlspecialchars in printthread view of a topic and can exploit without any limitation against cookies.

be beauty
imei

[ reply ]
SCO Openserver 5.0.x exploit Jan 02 2006 11:43PM
rod hedor (rodhedor hotmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus