BugTraq
MyBB 1.10 New XSS ' member.php ' Apr 12 2006 10:05PM
o y 6 hotmail com
//-- MyBB 1.10 New XSS ' member.php ' --//

Webattack :-
1- Logout
2- Open Firefox
3- Use [ Live HTTP Headers ]
4- Register
5- Agree to it
6- Edit cookies with Live HTTP Headers
7- Add this cookie :D
mybb[referrer]="></input><b>HTML</b><input>;

//-- FixIT --//

Open member.php
Go to line 595:

$referrername = $_COOKIE['mybb']['referrer'];

Replace It With

$referrername = htmlspecialchars($_COOKIE['mybb']['referrer']);

//-- --//
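
Added example, not part of the original post and not MyBB's own code: it renders the cookie value from the post into a form field once unescaped (the pre-fix behaviour) and once escaped, so the difference in the emitted HTML is visible. The function name render_referrer_field, the field name referrername and the markup are assumptions; the cookie value is the one quoted in the post.

```php
<?php
// Added example. render_referrer_field() and the <input> markup are
// hypothetical and are not taken from MyBB's member.php.

/**
 * Build the referrer <input> for a registration form.
 * $escape = false reproduces the pre-fix behaviour described in the post;
 * $escape = true applies output encoding for an HTML attribute context.
 */
function render_referrer_field(array $cookies, bool $escape): string
{
    // The cookie is client-controlled: it may be absent, or sent as a
    // nested array (mybb[referrer][]=x). Accept only a plain string.
    $raw = $cookies['mybb']['referrer'] ?? '';
    if (!is_string($raw)) {
        $raw = '';
    }

    // Encode at the point of output, with quotes included, so the value
    // cannot close the attribute or the tag it is written into.
    $value = $escape
        ? htmlspecialchars($raw, ENT_QUOTES, 'UTF-8')
        : $raw;

    return '<input type="text" name="referrername" value="' . $value . '" />';
}

// Constructed input: the cookie value quoted in the post.
$cookies = ['mybb' => ['referrer' => '"></input><b>HTML</b><input>']];

echo "unescaped: ", render_referrer_field($cookies, false), "\n";
echo "escaped:   ", render_referrer_field($cookies, true), "\n";

// Constructed input: an array where a string is expected is dropped.
$odd = ['mybb' => ['referrer' => ['x']]];
echo "array:     ", render_referrer_field($odd, true), "\n";
```

ENT_QUOTES is passed explicitly because before PHP 8.1 htmlspecialchars() escaped only double quotes by default, which leaves a value written into a single-quoted attribute unprotected.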
