| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 29 Jan 2006 20:02:42 -0000 From: o.y.6@...mail.com, @securityfocus.com, D3vil-0x1@...urityfocus.com To: bugtraq@...urityfocus.com Subject: MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS ) Invalid characters removed from From: o.y.6@...mail.com, |@...urityfocus.com, ## MyBB 1.02 usercp2.php XSS ##------------------------------## ## Devil-00 D3vil-0x1 - Attacking MyBB :)## ## ## ## devil-00@....cc ## ## ## ##-----------------------------### ## ## File :- usercp2.php ## Var :- $url ## Line's :- ## -> 39 ## -> 58 ## -> 84 ## -> 108 ## -> 130 ## -> 149 ## -> 164 ## -> 178 ## -> 192 ################################### ## ## Exploit :- ##-------------------------------------------------------------## [ Go to any topic .. then go to the end of the page ] [ you will see " Add Thread to Favorites " ] [ open the firefox with Live HTTP Headers ] [ and click it .. go to Headers Edit ] [ edit Referer :- "><script>alert(document.cookie);</script> ] ##-------------------------------------------------------------## ## ## Gr33tz :- www.securitygurus.net BlackRay <- my new homei HACKERS PAL Valm0nt Abducter j7a abdalmaged Xion And Others [ S4a Members with SG Members ] ** chow **
Powered by blists - more mailing lists