Message-ID: <20060129200242.19818.qmail@securityfocus.com>
Date: 29 Jan 2006 20:02:42 -0000
From: o.y.6@...mail.com, @securityfocus.com,
	D3vil-0x1@...urityfocus.com
To: bugtraq@...urityfocus.com
Subject: MyBB 1.2 usercp2.php [ $url ] CrossSiteScripting ( XSS )


Invalid characters removed from From: o.y.6@...mail.com, |@...urityfocus.com,

## MyBB 1.02 usercp2.php XSS
##------------------------------##
## Devil-00 D3vil-0x1 - Attacking MyBB :)##
##				##
## devil-00@....cc		##
##				##
##-----------------------------###
##
## File :- usercp2.php
## Var  :- $url
## Lines :-
##		-> 39
##		-> 58
##		-> 84
##		-> 108
##		-> 130
##		-> 149
##		-> 164
##		-> 178
##		-> 192
###################################
## 
## Exploit :-
##-------------------------------------------------------------##
[  Go to any topic .. then go to the end of the page		]
[  you will see " Add Thread to Favorites "			]
[  open the firefox with Live HTTP Headers			]
[  and click it .. go to Headers Edit				]
[  edit Referer :- "><script>alert(document.cookie);</script>	]
##-------------------------------------------------------------##
##
## Gr33tz :- www.securitygurus.net
		
		BlackRay <- my new homei
		HACKERS PAL
		Valm0nt
		Abducter
		j7a
		abdalmaged
		Xion
		
		And Others [ S4a Members with SG Members ]
** chow **
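
An added example, not part of the original post and not MyBB's own code: treating the Referer header as untrusted input before it is written into a return link, which is the kind of reflection the report describes for `$url`. The helper names `safe_return_url()` and `render_redirect_link()` and the host `forum.example` are assumptions made for illustration.

```php
<?php
// Added example, not MyBB code. safe_return_url() and render_redirect_link()
// are hypothetical helpers; the host name and sample inputs are constructed.

/**
 * Return the Referer only if it is an http(s) URL on our own host;
 * otherwise fall back to a fixed local page.
 */
function safe_return_url(?string $referer, string $ownHost, string $fallback = 'index.php'): string
{
    if ($referer === null || $referer === '') {
        return $fallback;
    }
    // Reject control characters outright.
    if (preg_match('/[\x00-\x1f\x7f]/', $referer)) {
        return $fallback;
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    if (strcasecmp($parts['host'], $ownHost) !== 0) {
        return $fallback;
    }
    return $referer;
}

/** Encode for an HTML attribute at the point of output. */
function render_redirect_link(string $url): string
{
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="' . $escaped . '">Return to the previous page</a>';
}

// Constructed inputs: a normal Referer, the value from the report, and the
// same value appended to a same-host URL (passes validation, so it must be escaped).
$samples = [
    'http://forum.example/showthread.php?tid=1',
    '"><script>alert(document.cookie);</script>',
    'http://forum.example/showthread.php?tid=1"><script>alert(document.cookie);</script>',
];
foreach ($samples as $referer) {
    echo render_redirect_link(safe_return_url($referer, 'forum.example')), PHP_EOL;
}
```

The third sample shows why validation alone is not enough: it is a well-formed same-host URL, so only the output encoding keeps the quote and angle brackets from closing the attribute.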
		

