Message-ID: <20060207045508.32303.qmail@securityfocus.com>
Date: 7 Feb 2006 04:55:08 -0000
From: addmimistrator@...il.com
To: bugtraq@...urityfocus.com
Subject: [myimei]MyBB 1.0.2 XSS attack in search.php

original advisory:
http://myimei.com/security/2006-01-14-mybb-102searchphpxss-attackandmore/index.html

---------------
-Summary-
Software: MyBB Software
Web Site: http://mybboard.com
Versions: 1.0.2
Class: Remote
Status: patched in 1.0.3
Exploit: Available
Solution: Available
Discovered by: imei
Risk: low

Description
mybb has a security bug that allows a hacker to learn the table prefix value in the database and also to perform an XSS attack. The bug is a result of leaving some unneeded code in the search.php file.

Exploit-
go to this url in forum
search.php?s=de1aaf9b&action=do_search&keywords=%3Cscript%3E alert(1)%3C/script%3E&srchtype=3

Solution
No Patch available. (bug reported to vendor today)

Credit
Discovered by: imei addmimistrator
addmimistrator[4]gmail[O]com
www.myimei.com
security.myimei.com
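A log check for the request shown in the advisory, as an added example that is not part of the original message: it scans web-server access logs for search.php requests whose keywords parameter decodes to HTML markup. The log lines are constructed samples, and the function names and the combined log format are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined log format), not from a real server.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Feb/2006:04:50:01 +0000] "GET /forum/search.php?action=do_search&keywords=hello+world&srchtype=3 HTTP/1.1" 200 5120
198.51.100.9 - - [07/Feb/2006:04:51:12 +0000] "GET /forum/search.php?s=de1aaf9b&action=do_search&keywords=%3Cscript%3Ealert(1)%3C/script%3E&srchtype=3 HTTP/1.1" 200 4311
198.51.100.9 - - [07/Feb/2006:04:51:40 +0000] "GET /forum/search.php?action=do_search&keywords=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 4290
198.51.100.3 - - [07/Feb/2006:04:52:02 +0000] "GET /forum/index.php?keywords=%3Cb%3E HTTP/1.1" 200 900
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Start of an opening or closing tag: markup that has no place in a search keyword.
MARKUP_RE = re.compile(r"</?[a-zA-Z!]")

def decode_fully(value, max_rounds=3):
    """Undo layered percent-encoding (%253C -> %3C -> <), bounded to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_suspicious_searches(log_text):
    """Return (client, decoded keywords) for search.php requests carrying markup."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/search.php"):
            continue
        # parse_qs decodes once; decode_fully handles values re-encoded in transit.
        for kw in parse_qs(url.query).get("keywords", []):
            kw = decode_fully(kw)
            if MARKUP_RE.search(kw):
                hits.append((client, kw))
    return hits

if __name__ == "__main__":
    for client, kw in find_suspicious_searches(SAMPLE_LOG):
        print(f"{client} sent markup in keywords: {kw!r}")
```

Hits on a forum still running 1.0.2 are worth reviewing alongside the upgrade to 1.0.3 that the advisory's Status line mentions.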