securityvulns SECURITYVULNS:DOC:11230
History: Jan 30, 2006 - 12:00 a.m.

MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )

MyBB 1.02 usercp2.php XSS

##------------------------------##

Devil-00 D3vil-0x1 - Attacking MyBB :)##

[email protected]

##-----------------------------###

File :- usercp2.php

Var :- $url

Lines :-
-> 39
-> 58
-> 84
-> 108
-> 130
-> 149
-> 164
-> 178
-> 192

###################################

Exploit :-

##-------------------------------------------------------------##
[ Go to any topic … then go to the end of the page ]
[ you will see " Add Thread to Favorites " ]
[ open the firefox with Live HTTP Headers ]
[ and click it … go to Headers Edit ]
[ edit Referer :- "><script>alert(document.cookie);</script> ]
##-------------------------------------------------------------##

Gr33tz :- www.securitygurus.net

            BlackRay <- my new homei
            HACKERS PAL
            Valm0nt
            Abducter
            j7a
            abdalmaged
            Xion
            
            And Others [ S4a Members with SG Members ]

chow
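
The defect class reported above, shown as an added example next to a hardened form. This is not MyBB source and not the advisory author's code. It assumes `$url` is filled from the `Referer` header and written into an HTML attribute, and the function names and the `forum.example` host are hypothetical.

```php
<?php
// Added illustration; not MyBB code. All function names are hypothetical.

// Unsafe pattern: a header-derived value is placed in an attribute unencoded,
// so a double quote in the value ends the attribute and the rest is parsed as markup.
function render_back_link_unsafe(string $url): string
{
    return '<a href="' . $url . '">Return</a>';
}

// Step 1: accept only absolute http(s) URLs that point back at this site.
function safe_return_url(?string $referer, string $siteHost, string $fallback = 'index.php'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false
        || !isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strcasecmp($parts['host'], $siteHost) !== 0) {
        return $fallback;
    }
    return $referer;
}

// Step 2: encode for the HTML attribute context at the point of output.
// Validation alone is not enough: a same-site URL can still carry quotes in its query string.
function render_back_link(?string $referer, string $siteHost): string
{
    $url = safe_return_url($referer, $siteHost);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">Return</a>';
}

// Constructed sample Referer values; the second is the string from the advisory.
$samples = [
    'http://forum.example/showthread.php?tid=1',
    '"><script>alert(document.cookie);</script>',
    'http://forum.example/showthread.php?tid=1"><script>alert(document.cookie);</script>',
];
foreach ($samples as $referer) {
    echo render_back_link($referer, 'forum.example'), PHP_EOL;
}
```

The second sample falls back to `index.php` because it is not a same-site URL; the third passes the host check and is neutralised only by the output encoding, which is why both steps are needed.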