Message-ID: <20060129200242.19818.qmail@securityfocus.com>
Date: 29 Jan 2006 20:02:42 -0000
From: o.y.6@...mail.com, @securityfocus.com,
D3vil-0x1@...urityfocus.com
To: bugtraq@...urityfocus.com
Subject: MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )
## MyBB 1.02 usercp2.php XSS
##------------------------------##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
## ##
## devil-00@....cc ##
## ##
##-----------------------------###
##
## File :- usercp2.php
## Var :- $url
## Lines :-
## -> 39
## -> 58
## -> 84
## -> 108
## -> 130
## -> 149
## -> 164
## -> 178
## -> 192
###################################
##
## Exploit :-
##-------------------------------------------------------------##
[ Go to any topic .. then go to the end of the page ]
[ you will see " Add Thread to Favorites " ]
[ open the firefox with Live HTTP Headers ]
[ and click it .. go to Headers Edit ]
[ edit Referer :- "><script>alert(document.cookie);</script> ]
##-------------------------------------------------------------##
##
## Gr33tz :- www.securitygurus.net
BlackRay <- my new homei
HACKERS PAL
Valm0nt
Abducter
j7a
abdalmaged
Xion
And Others [ S4a Members with SG Members ]
** chow **
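
Added example, not part of the original post and not MyBB source code: one way to handle a Referer-derived return URL so that the value described above cannot break out of the HTML attribute it is written into. The helper names `safe_return_url()` and `render_redirect_link()` and the host `forum.example` are assumptions made for illustration; the advisory does not show the contents of usercp2.php.

```php
<?php
// Added example (not MyBB code). Helper names and 'forum.example' are hypothetical.

// Accept the Referer only if it is an http(s) URL on our own host; otherwise fall back.
function safe_return_url(?string $referer, string $siteHost, string $fallback = 'index.php'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    // Control characters have no place in a URL we intend to echo back.
    if (preg_match('/[\x00-\x1F\x7F]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (strcasecmp($parts['host'], $siteHost) !== 0) {
        return $fallback;
    }
    return $referer;
}

// Encode at the point of output. Validation alone is not enough: a same-host
// URL can still carry quotes or angle brackets in its query string.
function render_redirect_link(string $url): string
{
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '">Return</a>';
}

// Constructed sample Referer values; in a real request this would be
// $_SERVER['HTTP_REFERER'] ?? null.
$samples = [
    'http://forum.example/showthread.php?tid=1',        // ordinary same-site referer
    '"><script>alert(document.cookie);</script>',       // value quoted in the advisory
    'http://forum.example/showthread.php?tid=1"><b>x',  // same host, markup in query
];

foreach ($samples as $referer) {
    echo render_redirect_link(safe_return_url($referer, 'forum.example')), PHP_EOL;
}
```

The second sample falls back to `index.php` because it has no scheme or host; the third passes the host check and is neutralised only by the output encoding, which is why both steps are kept.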